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Abstract. We address the general problem of determining the validity of boolean com- 
binations of equalities and inequalities between real-valued expressions. In particular, we 
consider methods of establishing such assertions using only restricted forms of distributiv- 
ity. At the same time, we explore ways in which "local" decision or heuristic procedures 
for fragments of the theory of the reals can be amalgamated into global ones. 

Let Tadd [Q] be the first-order theory of the real numbers in the language with symbols 
0, 1, +,—,<,... , fa, ■ ■ ■ where for each o £ Q, f a denotes the function f a (x) — ax. Let 
T mu it[Q] be the analogous theory for the language with symbols 0, 1, x , ~, <, . . . , /„, . . .. 
We show that although T[Q] = T a dd[Q] U T mu ;t[Q] is undecidable, the universal fragment 
of T[Q] is decidable. We also show that terms of T[Q] can fruitfully be put in a normal 
form. We prove analogous results for theories in which Q is replaced, more generally, by 
suitable subfields F of the reals. Finally, we consider practical methods of establishing 
quantifier-free validities that approximate our (impractical) decidability results. 



1. Introduction 

This paper is generally concerned with the problem of determining the validity of 
boolean combinations of equalities and inequalities between real-valued expressions. Such 
computational support is important not only for the formal verification of mathematical 
proofs, but, more generally, for any application which depends on such reasoning about the 
real numbers. 

Alfred Tarski's proof [23] that the theory of the real numbers as an ordered field admits 
quantifier-elimination is a striking and powerful response to the problem. The result implies 
decidability of the full first-order theory, not just the quantifier- free fragment. George 
Collins's ^Oj method of cylindrical algebraic decomposition made this procedure feasible 
in practice, and ongoing research in computational real geometry has resulted in various 
optimizations and alternatives (see e.g. |141 16} 15]). Recently, a proof-producing version of 
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an elimination procedure due to Paul Cohen has even been implemented in the framework 
of a theorem prover for higher-order logic [2U] . 

There are two reasons, however, that one might be interested in alternatives to q.e. 
procedures for real closed fields. The first is that their generality means that they can be 
inefficient in restricted settings. For example, one might encounter an inference like 

< x < y -> (1 + x 2 )/(2 + y) 17 < (1 + y 2 )/{2 + x) 10 , 

in an ordinary mathematical proof. Such an inference is easily verified, by noticing that 
all the subterms are positive and then chaining through the obvious inferences. Computing 
sequences of partial derivatives, which is necessary for the full decision procedure, seems 
misguided in this instance. A second, more compelling reason to explore alternatives is 
that decision procedures for real closed fields are not extensible. For example, adding 
trigonometric functions or an uninterpreted unary function symbol renders the full first- 
theory undecidable. Nonetheless, an inference like 

< x < y -> (1 + x 2 )/(2 + e y ) < (2 + y 2 )/(l + e x ) 

is also straightforward, and it is reasonable to seek procedures that capture such inferences. 

The unfortunate state of affairs is that provability in most interesting mathematical 
contexts is undecidable, and even when decision procedures are available in restricted set- 
tings, they are often infeasible or impractical. This suggests, instead, focusing on heuristic 
procedures that traverse the search space by applying a battery of natural inferences in a 
systematic way (for some examples in the case of real arithmetic, see [71 ll7ll2*o] ). There has 
been, nonetheless, a resistance to the use of such procedures in the automated reasoning 
community. For one thing, they do not come with a clean theoretical characterization of the 
algorithm's behavior, or the class of problems on which one is guaranteed success. This is 
closely linked to the fact that the algorithms based on heuristics are brittle: small changes 
and additions as the system evolves can have unpredictable effects. 

The strategy we pursue here is to develop a theoretical understanding that can sup- 
port the design of such heuristic procedures, by clarifying the possibilities and limitations 
that are inherent in a method, and providing a general framework within which to situate 
heuristic approaches. One observation we exploit here is that often distributivity is used 
only in restricted ways in the types of verifications described above. Arguably, any infer- 
ence that requires factoring a complex expression does not count as "obvious." Conversely, 
multiplying through a sum can result in the loss of valuable information, as well as lead to 
increases in the lengths of terms. As a result, steps like these are usually spelled out ex- 
plicitly in textbook reasoning when they are needed. It is therefore natural to ask whether 
one can design procedures that reasonably handle those inferences that do not make use of 
distributivity, relying on the user or other methods to then handle the latter. 

The "distributivity-free" fragment of the theory of the reals as an ordered field can 
naturally be viewed as a combination of the additive and multiplicative fragments, each of 
which is easily seen to be decidable. This points to another motivation for our approach. A 
powerful paradigm for designing useful search procedures involves starting with procedures 
that work locally, for restricted theories, and then amalgamating them into a global pro- 
cedure in some principled way. For example, Nelson-Oppen methods are currently used to 
combine decision procedures for theories that are disjoint except for the equality symbol, 
yielding decision procedures for the universal fragment of their union. Shostak methods 
perform a similar task more efficiently by placing additional requirements on the theories 



COMBINING DECISION PROCEDURES FOR THE REALS 



3 



to be amalgamated. (See |18( I22j and the introduction to [3] for overviews of the various 
approaches.) Such methods are appealing, in that they allow one to unify such decision 
procedures in a uniform and modular way. This comes closer to what ordinary mathemati- 
cians do: in simple, domain-specific situations, we know exactly how to proceed, whereas 
in more complex situations, we pick out the fragments of a problem that we know how to 
cope with and then try to piece them together. One would therefore expect the notion of 
amalgamating decision procedures, or even heuristic procedures, to be useful when there is 
more significant overlap between the theories to be amalgamated. For example, the Nelson- 
Oppen procedure has been generalized in various ways, such as to theories whose overlap is 
"locally finite" ^S]. Our results here show what can happen when one tries to amalgamate 
decision procedures for theories where the situation is not so simple. 

Sections |2] and |HJ below, provide general background. In Section |2 we discuss the 
theoretical results that underly Nelson-Oppen methods for combining decision procedures 
for theories that share only the equality symbol, or for theories with otherwise restricted 
overlap. In Section |HJ we describe some particular decision procedures for fragments of the 
reals, which are candidates for such a combination. 

In Section |31 we define the theories T[.F], which combine the additive and multiplicative 
fragments of the theory of the reals, allowing multiplicative constants from a field F. The 
theory T[F], in particular, can, alternatively, be thought of as the theory of real closed fields 
minus distributivity, except for constants in F. Because of the nontrivial overlap, Nelson- 
Oppen methods no longer apply. In Section we provide two examples that clarify what 
these theories can do. On the positive side, we show that when a multivariate polynomial 
has no roots on a compact cube, T[Q] is strong enough to prove that fact. On the negative 
side, we show that the theories T[F] cannot prove x 2 — 2x + 1 > 0, a fact which is easily 
proved using distributivity. 

In Sections EHH1 we establish our decidability results. Using a characterization of the 
universal fragment of T[F] developed in Section H3 we show, in Sectional that whenever F 
is an appropriately computable subfield of R, the universal fragment of T[F] is decidable. 
So, in particular, the universal fragment of T[Q] is decidable. In Sectional we describe 
normal forms for terms of T[.F], which make it easy to determine whether two terms are 
provably equal. We also show that these provable equalities are independent of the parts 
of the theory that have to do with the ordering. 

In Sections I^ Hlll we establish our undecidability results. In Section |5J we present 
a flexible technique that will allow us to build suitable models of the theories Tfi* 1 ]. In 
Section 1101 we use this technique to reduce the problem of determining the truth of an 
existential sentence over the field F to that of the provability of a related formula in T[F]. 
As a result, if Diophantine equations in the rationals are unsolvable (which is generally 
believed to be the case), then so is the set of existential consequences of T[Q]. In Section HTl 
we reduce the problem of determining the solvability of a Diophantine equation in the 
integers to the provability of a related WV3*-sentence in any T[.F]. As a result, we have an 
unconditional undecidability result for that fragment. 

The procedure implicit in our decidability results is not useful in practice: it works 
by reducing the question as to whether a universal sentence in provable in T[F] to the 
question as to whether a more complex sentence in provable in the theory of real closed 
fields, and then appeals the the decidability of the latter. In Sections I12H14| we consider 
the problem of designing pragmatic procedures that approximate our decidability results, 
are more flexible than decision procedures for real closed fields, and work reasonably well 
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on ordinary textbook inferences. In Section IT2l we suggest a restriction of the theories T[F] 
which avoids disjunctive case splits, which are a key source of infeasibility. In Section IT51 we 
describe a search procedure that works along these lines, making use of the normal forms 
introduced in Section |HJ In Section 1141 we indicate a number of directions in which one 
might extend and improve our crude algorithm. 

Finally, in Section Hoi we offer some final thoughts and conclusions. 

2. Combining decision procedures 

In this section, we briefly review the mathematical foundation for the Nelson-Oppen 
combination procedure [2^. For more detail, see |H EU HEl EH; an important program 
verification system based on these method is described in |13j . 

Let A be the set of first-order formulas in the language of equality asserting that the 
universe is infinite. A theory T is said to be stably infinite if whenever T U A proves a 
universal sentence ip, then T proves it as well. Equivalently, T is stably infinite if whenever 
a quantifier-free formula is satisfied in any model of T, it is satisfied in some infinite model 
of T. In particular, if T only has infinite models, then T is stably infinite. 

The Nelson-Oppen procedure for combining decidable theories of equality is based on 
the following: 

Theorem 2.1. Suppose T\ is a theory in a language L\, T2 is a theory in a language L2, T\ 
and T2 are stably infinite, and the languages L\ and L2 are disjoint except for the equality 
symbol. Suppose the universal fragments of T\ and T2 are decidable. Then the universal 
fragment of T% U T2 is decidable. □ 

The proof of Theorem 12.11 is not difficult. The question as to whether T\ U T2 proves 
a universal formula is equivalent to the question as to whether it proves the quantifier-free 
matrix. (One can treat the free variables as new constants, if one prefers, but here and below 
we will speak in terms of proving or refuting sets of formulas with free variables.) Since any 
quantifier-free formula can be put in conjunctive normal form, the problem reduces to that 
of determining provability of disjunctions of literals, or, equivalently, that of determining 
whether T\ U T2 refutes a conjunction of literals. 

Let r be a set of literals. The first step in the procedure is to introduce new vari- 
ables to "separate terms." For example, the universal closure of a formula of the form 
ip{f{s\, . . . , Sk)) is equivalent to the universal closure of x = f(s%, . . . , Sk) — * tp(x), where x 
is a new variable. This is, in turn, equivalent to the universal closure of y\ = s\ A . . . A y& = 
Sf. A x = f(yi, ■ ■ ■ ,yk) ^p( x )- By introducing new variables in this way, we can obtain 
sets of equalities LTi and IT 2 in L\ and L2 respectively, and a set of literals, II3, in which no 
function symbols occur, such that T\ U T2 refutes V if and only if it refutes IT U II2 U II3. 
Let Y\ be IT together with the literals in II3 that are in L\, and let T2 be II2 together with 
the literals in II3 that are in L2 ■ Then each T j is in the language of Tj , and T\ U T2 refutes 
r if and only if T\ U T2 refutes T\ U T2- 

By the Craig interpolation theorem, T\ U T2 refutes T\ U T2 if and only if there is a 
quantifier-free interpolant 9 in the common language (i.e. involving only the equality symbol 
and variables common to both Ti and T2) such that 

Ti U Ti h 

and 

t 2 u r 2 u {6} h i_. 
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By the assumption that T\ and T 2 are stably infinite, we can assume without loss of gen- 
erality that each includes A. Since the theory of equality in an infinite structure has 
quantifier-elimination, 9 is equivalent to a quantifier-free formula. In fact, we can assume 
without loss of generality that 9 is in disjunctive normal form. So we are looking for a 
sequence 9\, . . . , 9 n of finite conjunctions of literals such that for each i, 

Ti U Ti h 9i V . . . V 9 n 

and 

t 2 u r 2 u {0*} h J. 

for each i. 

Each disjunct 9{ describes relationships between the variables x of Ti U r 2 , in the 
language L\ n L 2 , which has only the equality symbol. The key point is this: over A, 
every "complete type" (that is, complete, consistent set of formulas with free variables x) is 
determined by an exhaustive description of which of the variables are equal to one another 
and which are not. Furthermore, there are only finitely many such descriptions. Without 
loss of generality, we can assume that each 9i is of this form, because otherwise it can be 
rewritten as a disjunction of such. Thus we simply need to use the decision procedure 
for T 2 to determine all the complete types 9{ that can be refuted by T 2 U T 2 , and then 
use the decision procedure for T\ to determine whether T\ U Y\ proves their disjunction. 
Equivalently, we can use the decision procedures to determine all the complete types that 
are consistent with either side; T can be refuted if and only if there is no complete type 
that is consistent with both. 

This naive procedure is not very efficient. In fact, the Nelson-Oppen procedure itera- 
tively searches for a disjunction of equalities derivable from either T\ U Y\ or T 2 U T 2 , adds 
this disjunction to the hypotheses, and then splits across the cases. It is not hard to show 
that this variant is complete; one can view it in terms using both T\ U Ti and T 2 U T 2 
to derive a sequence of increasingly strong disjunctions of conjunctions of positive literals, 
until either a contradiction is reached or no further strengthening can be found. In the 
latter case, one can read off a complete type consistent with both T\ U Y\ and T 2 U T 2 . The 
procedure is much more efficient if either of the theories Tj is convex, that is, whenever 92 is 
a conjunction of literals and Ti U <p> h x\ = y\ V . . . V x^ = y^ then Tj U <p h X{ = yi for some i. 
The linear theory of the reals has this property, though the multiplicative theory does not. 
Shostak's procedure provides further optimization under the assumptions that terms in the 
theory are "canonizable" and "solvable," again, features that are commonly satisfied. 

For future use, we record the effects of "separating terms," as described above. We no 
longer assume L\ and L 2 are disjoint languages. 

Proposition 2.2. Let (p be any universal sentence in the language L\ U L 2 . Then ip is 
equivalent to a sentence of the form 

Vx (9 1 (x)A9 2 (x)^9 3 (x)), 

where 9\ is a conjunction of equalities in L±, 6* 2 is a conjunction of equalities in L 2 , and 
#3 is a quantifier-free formula in L\ U L 2 with no function symbols. As a result, ip can be 
written as a conjunction of formulas of the form 

Vf (v?i(x) V^ 2 (x)), (2.1) 
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where each tpi is a quantifier- free formula in Li. If all the relation symbols in L\ U L2 are 
common to both L\ and L2, or if the matrix of ip is equivalent to a disjunction of literals, 
one conjunct of the form (|2.1|) suffices. □ 



3. Decision procedures for fragments of the reals 

The method described in Section [21 requires only that the universal fragments of the 
theories T\ and T2 are decidable, and that for any sequence of variables, there are only 
finitely many complete types in the common language, each of which can be described by 
a single quantifier-free formula. In particular, we have the following: 

Theorem 3.1. Let T\ and T2 be theories extending the theory of dense linear orders without 
endpoints, with only < and = in the common language. If the universal fragments of T\ 
and T2 are decidable, then the universal fragment of T\ U T2 is also decidable. O 

As was the case when equality was the only common symbol, this theorem can be stated 
even more generally: we only need assume that T\ and T2 satisfy the property obtained 
by replacing A by the theory of dense linear orders without endpoints in the definition 
of "stably infinite" above. Of course, Theorem 13.11 can be iterated to combine theories 
T\, T2, T3, . . . with the requisite properties. 

Let us consider some examples of fragments of the reals that admit quantifier-elimination, 
and are hence decidable. Note that to eliminate quantifiers from any formula it suffices to 
be able to eliminate a single existential quantifier, i.e. transform a formula 3x (p, where (p 
is quantifier-free, to an equivalent quantifier-free formula. Since 3x (<p V ip) is equivalent to 
3x tp V 3x ip, we can always factor existential quantifiers through a disjunction. In partic- 
ular, since any quantifier-free formula can be put in disjunctive normal form, it suffices to 
eliminate existential quantifiers from conjunctions of atomic formulas and their negations. 
Also, since 3x (<p A 1(1) is equivalent to 3x ip A ip when x is not free in ip, we can factor out 
any formulas that do not involve x. Furthermore, whenever we can prove Vrc (6 V rf), 3x (p 
is equivalent to 3x (ip A 9) V 3x (p A rj); so we can "split across cases" as necessary. We will 
use all of these facts freely below. 

Proposition 3.2. The theory of (R, 0, 1, +, — , <) admits elimination of quantifiers, and 
hence is decidable. 

This theory is commonly known as linear arithmetic, and is the same as the theory of 
divisible ordered abelian groups. The universal fragment coincides with that of the theory 
of ordered abelian groups. The method of eliminating an existentially quantified variable 
implicit in the proof is known as the Fourier- Motzkin procedure. 

Proof. It is helpful to extend the language to include multiplication by rational coefficients, 
though we can view this as nothing more than a notational convenience: for example, if 
n is a natural number, we can take nx to abbreviate x + x + . . . + x, and when n, m, k, I 
are natural numbers with m and I nonzero we can take (n/m)s = (k/l)t to abbreviate 
nls = kmt. 

Consider a sentence 3x ip, where ip is quantifier- free. Writing s^t as s<tVt<s and 
s t as t < sV t = s, we can assume without loss of generality that tp is a positive boolean 
combination of atomic formulas of the form s = t and s < t. Putting p in disjunctive 
normal form and factoring the existential quantifier though the disjunction we can assume 
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ip is a conjunction of atomic formulas. Solving for x, we can express each of these in the 
form x = s, x < s, or s < x, where s does not involve x (atomic formulas that do not 
involve x can be brought outside of the existential quantifier). 

If any of the conjuncts is of the form x = s, then 3x (p(x) is equivalent to <p(s), which is 
quantifier- free. So we are reduced to the case where tp is of the form (/^ Sj < cc)A(/\ ■ x < tj). 
In that case, it is not hard to verify that 3x (p is equivalent to • Sj < tj. □ 

For more on the Fourier- Motzkin procedure, see pQ. In fact, more efficient elimination 
procedures are available, and are not much more complicated; see |19( 127] . 

Proposition 3.3. The theory of (R, 0, 1, —1, X, +, <) with the convention = admits 
elimination of quantifiers, and hence is decidable. 

Proof. Since (R >0 , 1, x, <) is isomorphic to (R, 0, +, — , <), the previous argument shows 
that the theory of this structure has quantifier-elimination. For the larger structure, consider 
3x ip, where ip is quantifier- free. As above, we can assume <p is a conjunction of equalities and 
strict inequalities. Introducing case splits we can assume that <p determines which variables 
are positive, negative, or 0. Temporarily replacing negative variables by their negations, 
we can further assume that <p implies that all the variables are positive. Bringing negation 
symbols to the front of each term, we are left with a conjunction of atomic formulas of the 
form ±s < ±t, where s and t are products of variables assumed to be positive. But then 
—s < t is equivalent to T; s < —t is equivalent to _L; and —s < —t is equivalent to t < s. 
Similarly, — s = — t is equivalent to s = t, and both s = —t and —s = t are equivalent to _L. 
So, we are reduced to the case where all the variables are positive. □ 

Proposition 3.4. The theory of (R, exp, ln,0, 1, <), where exp(x) = e x and ln(x) = for 
non-positive x, admits quantifier-elimination, and hence is decidable. 

Proof. Once again, we are reduced to the case of eliminating a quantifier of the form 3x (p 
where ip is a conjunction of equalities and strict inequalities. Expressions of the form 
ln(exp(s)) simplify to s, and across a case split of the form s > V s < an expression of 
the form exp(ln(s)) simplifies to s or 0. Using the equivalences s < t <-> exp(s) < exp(t) and 
introducing case splits as necessary, we are reduced to the case where ip is a conjunction of 
terms of the form u < exp n (v), u > exp n (v), and u = exp n (v), where u and v are variables 
and exp n (u) denotes n applications of exp to u. If there is an equality using x, we can use 
that to eliminate the existential quantifier. Otherwise, for suitable k we can arrange that <p 
is a conjunction of formulas of the form Sj < exp k (x) and exp k {x) < tj, in which case 3x tp 
is equivalent to (/\^ • Sj < tj) A (f\j < tj). □ 

From Theorem 13 . 1 1 we have: 

Corollary 3.5. The universal fragment of the union of the three theories above is decidable. 

The decision procedure implicit in the proof of Corollary 13. 51 is. unfortunately, not very 
useful. There is a sense in which is does too little, and another sense in which it does too 
much. 

A sense in which the procedure does too little is that the union of the three theories is 
too weak. For example, it is not hard to show (either using the interpolation theorem or a 
model-theoretic argument) that the theory does not prove 2x2 = 4, where 2 abbreviates 
the term 1 + 1, and 4 abbreviates 1 + 1 + 1 + 1. Similarly, it fails to prove x + x = 2x. In the 
next section, we will focus on the additive and multiplicative fragments of the reals, and 
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respond to this problem by augmenting the structures to allow multiplication by arbitrary 
rational constants, or, more generally, constants from a suitably computable subfield F of 
the reals. Unfortunately, this means that the two structures share a language with infinitely 
many function symbols, and so the methods described in the last section can no longer be 
used. We will have to do a good deal of additional work to establish decidability in this 
case. 

A sense in which the algorithm implicit in the proof of Corollary 13.51 does too much 
is that even in the absence of the new multiplicative constants, it is inefficient: the com- 
bination procedure relies on the fact that one can enumerate all possible descriptions of 
equalities and inequalities between variables, and, in general, the number of possibilities 
grows exponentially. Our proof of decidability for the augmented theories involves a re- 
duction to the theory of real-closed fields, and so it does not represent a practical advance 
either. In Sections I12H141 we will address the issue of developing practical procedures that 
approximate the theories we describe here. 

4. The theories T[F] 

Let F denote any subfield of the reals. Let T a dd[F] be the theory of the real numbers 
for the language with symbols 

0, 1, +, — ,<,... , fa) ■ ■ ■ 

where for a S F, f a denotes the function f a (x) = ax. Let T mu i t [F] be the analogous theory 
for the language with symbols 

0, 1, X , -j-, <, . . . , f a , . . . 

where x -f- y is interpreted as when y = 0. Our central concern in this paper is the 
union of these two theories, T[F] = T a dd[F] UT mu n[F]. It will also be useful to denote their 
intersection, T a dd[F]r\T mu it[F], by T comm [F]. It often makes sense to restrict one's attention 
to computable subfields F of the real numbers; in particular, Q, the minimal such subfield, 
is a natural choice. We will see below that, in a sense, the field of real algebraic numbers A 
represents a maximal choice. Intermediate choices are also possible; for example, one might 
consider the smallest field containing Q and closed under taking roots of positive numbers. 
It should be clear that each T[F] proves, for example, 2x2 = 4 and x + x = 2x. 

We claim that the theories T[F] are natural, and are sufficient to justify many of the 
inferences that come up in ordinary mathematical texts. The latter claim is an empirical 
one, however, and we will not try to justify it here. 

Each of T comm [F], T a dd[F], and T mu i t [F] has quantifier-elimination, and hence is com- 
plete. The elimination procedures sketched in Section |3] can easily be extended to T a dd [F] 
and T mu i t [F], assuming the operations on F are computable, in which case these theories 
are decidable as well. Similarly, a quantifier-elimination procedure for T comm [F] is easily 
obtained by extending the usual procedure for dense linear orders without endpoints, so 
this theory is also complete, and decidable when F is computable. 

Reflecting these elimination procedures yields complete axiomatizations of the relevant 
theories. The theory T comm [F] is axiomatized by the following: 

(1) < is a dense linear order 

(2) < 1 

(3) fa{fb{x)) = fab{x), for every a,b G F 
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(4) /(,(*) = 0, fi(x) = x 

(5) x < y «-> f a (x) < f a (y) for < a E F 

(6) x < y «-> f a {x) > f a (y) for > a e F 

(7) < x ->• x < f a (x) for 1 < a E F 

One obtains an axiomatization for T a <id[F} by adding the following: 

(1) 0, + , < is an ordered abelian group 

(2) x — y=z^x=y+z 

(3) f a (x + y) = f a (x) + f a (y) 

(4) f a +b(x) = f a (x) + f b (x) 

Similarly, one obtains an axiomatization of T mu u[F] by adding the following to T comm [F]: 

(1) 1, x, < is a divisible ordered abelian group on the positive elements 

(2) x/y = z^(y = 0Az = Q)Vx = yz 



In Sections I^ Mlll we will prove undecidability results for fragments of T[F]. We will 
find it useful to work with the following alternative system, T[F]*, based on the symbols 
0, 1, +, x , < together with constant symbols c a for a £ F. The axioms of T[F]* fall naturally 
into four groups: 

(1) 0, +, < is an ordered abelian group 

(2) 1, x, < is a divisible ordered abelian group on the positive elements 

(3) (a) c a+b = c a + c b , for a,b £ F 

(b) c ab = c a x c b , for a,b£ F 

(c) < c a for < a, a 6 F 

(4) (a) c a+b x x = (c a x x) + (c b x x), for a, b £ F 
(b) c a x (x + y) = (c a x x) + (c a x y), for a E F 

Note that the extra symbols in the language of T[F] are easily definable in T[F]*. It is 
straightforward to verify the following. 

Lemma 4.1. Let <p be a formula in the language of T[F] without — , Let ip* be the result 
of replacing each occurrence of f a (t) with c a x t, inductively, from innermost to outermost. 
Then ip is provable in T[F] if and only if ip* is provable in T[F]*. □ 

Lemma 4.2. Let ip be a formula in the language of T[F]*. Let ip' be the result of replacing 
each occurrence of c a with / a (l)- Then <p is provable in T[F]* if and only if ip' is provable 



Theorem 4.3. T[F] and T[F]* prove the same sentences involving only the symbols 



Below we will call the symbols f a the auxiliary function symbols and the symbols c a the 
auxiliary constant symbols. For readability, we will write ax instead of f a (x) or c a x when 
the context makes the meaning clear. 

The following shows that as far as provability of formulas in the language of real closed 
fields is concerned, there is never a need to go beyond the real algebraic numbers in choosing 
F. 

Theorem 4.4. T\R] is a conservative extension of T[A]. 



(3) fa{xy) = f a (x)y 



in T[F]. 



□ 



0,1,+, x,<. 



□ 



Proof. Since -j- and — are definable in terms of the other symbols of T[F], we can focus on 
sentences in which these symbols do not occur, and use Theorem 14.31 
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Let d be a proof of a sentence tp in T[R]*, where tp is in the language of T[A]*. Assign 
variables y to the auxiliary constant symbols occurring in <p, and let ip(y) define the corre- 
sponding real algebraic numbers in the language of real closed fields. Assign variables z to 
all the additional auxiliary constant symbols occurring in d, and let 9(y, z) be the conjunc- 
tion of all the axioms of T[R] used in d, with the constants replaced by the corresponding 
variables. The assertion 3y, z (9(y, z) Aip(y)) is true of the real numbers, and so, by transfer 
(i.e. the completeness of the theory of real closed fields, of which both the reals the real 
algebraic numbers are a model), it is true of A as well. Let a, b be real algebraic numbers 
witnessing the existential quantifiers. Because tp(a) determines a uniquely, a corresponds 
to the original auxiliary constant symbols in ip. Thus we have the even stronger result that 
d can be interpreted as a proof in T[A]*, taking the constant symbols to denote a, b. □ 

This argument shows, more generally, that to prove a sentence with auxiliary function 
symbols f ai , . . . , f an , there is no need to go beyond the real algebraic closure of {a±, . . . , a n }. 

5. Examples 

To provide a better feel for the theories T[F], in this section we consider some theorems 
that clarify their strength. The first theorem provides a lower bound by showing that a 
decision procedure for the universal fragment of any T[F] implies a decision procedure for 
the existence of roots of a multivariate polynomial on the unit cube. 

Theorem 5.1. Let F be any subfield of the real numbers, and let f{x\, . . . , Xk) be a 
multivariate polynomial with coefficients in F. Let / = [0, l] fc be the compact /c-dimensional 
unit cube. Then / is nonzero on I if and only if T[F] proves that fact. 

Proof. The "if" direction follows from the fact that the axioms of T[F] are true of the real 
numbers. On the other hand, by the intermediate value theorem, if a polynomial function 
/ is nonzero on /, then it is either strictly positive or strictly negative on /. So it suffices 
to show that if / is strictly positive on /, then T[F] proves that this is the case. 

Suppose f(x) = X^i<n where each ij is a monomial in x\, . . . , xi with a coefficient 
in F, and suppose / is strictly positive on /. Given a point {a±, . . . , at) in /, let = f(a) > 
0, and for each i, let r^j = ti(a). By continuity, we can find an open neighborhood of 
a, such that for each b G Us, U(b) > — rg/3n. Shrinking Us if necessary, we can assume 
that Ug is a product of open intervals with rational endpoints. 

By compactness, U is covered by a finite set of these open neighborhoods, say Us 1 , • • • , Ug m ■ 
Then: 

(1) T[F] proves Vx (x G / — > x G Ug 1 V ... V Us m ). In fact, this can be proved by 
T comm [F], since it is purely a property of the ordering on the rational numbers. 

(2) For each j < m and i < n, T mu i t [F] proves x £ Us i — ► U(x) > qij, where qij is any 
rational number less than rg j:i — rg./3n and greater than rg.^ — rg./2n. 

(3) Using these lower bounds, for each j < m, T a dd[F] can prove x G U^ — > f(x) > 

The result follows from the fact that in the last claim, 

> J2( r Si,i - r % / 2 «) = r Sj ~ r Sj /2 = r Sj /2 > 0. 

i<n i<n 

This completes the proof. □ 
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As an example of something T[F] cannot do, consider the inequality x 2 — 2x + 1 > 0. 
That this is generally valid is clear from writing x 2 — 2x + 1 = (x — l) 2 , but this equality is 
a consequence of distributivity, which is not available in T[F]. In fact, we have: 

Theorem 5.2. For any F, T[F] proves Vx (x 2 — 2x + 1 > e) if and only if e < 0. In 
particular, T[F] does not prove Vx (x 2 - 2x + 1 > 0). 

Moreover, proofs of Vx (x 2 — 2x + 1 > e) in T[F] necessarily get longer as e approaches 
0, and the results that follow provide explicit lower bounds. Focusing on the domain of the 
function x 2 — 2x + 1 instead of the range, we also have: 

Theorem 5.3. For any F, 

(1) T[F] proves Vx (x < r — » x 2 — 2x + 1 > 0) if and only if r < 1. 

(2) T[F] proves Vx (x > r — ► x 2 — 2x + 1 > 0) if and only if r > 1. 

Theorem 15.31 implies Theorem 15.21 Assuming x E [1 — 5, 1 + 5] for a small rational 
constant 5, T[F] can easily show x 2 > 1 — 25 + 5 2 and 2x < 2 + 25, and hence x 2 — 2x + 1 > 
—4(5 + 5 2 > —45. So, taking r to be 1 — 5 and 1 + 5, respectively, in the two clauses 
Theorem 15.31 we have the "if" direction of Theorem 15.21 But the "only if" direction is a 
consequence of the fact that T[F] does not prove Vx (x 2 — 2x + 1 > 0), which is immediate 
from Theorem 15.31 

The two clauses of Theorem 15.31 are proved in a similar way, and so we will only prove 
the first. Since T[F] easily proves x<0^x 2 — 2x + l > 0, we can replace the first 
statement in Theorem 15.31 by Vx (0 < x < r — ► x 2 > 2x — 1). T[F] proves this if and only 
if it refutes the set of formulas 

{0 < x, x < r, u = x 2 , u <2x — 1}. 

Recall that this happens if and only if there is an interpolant, 0, in disjunctive normal form, 
such that 

T mult [F]U{0<x,x<r,u = x 2 }^6 (5.1) 

and 

T add [F]U{u<2x-l}U0^ ±. (5.2) 

So it suffices to show: 

Theorem 5.4. There is a DNF formula 6 with at most n disjuncts satisfying (|5,1[) and 
1)5.2(1 if and only if r <= n/(n + 1). 

Proof. We will first show that if 9 has n disjuncts and satisfies (|5.1|) and (|5.2|) then r < 
n/{n + 1). We will then show that, in fact, for r = n/{n + 1) such a 9 exists. 

Write 9 = 9\ V . . . V 9 n , where each 9i is a conjunction of literals involving only x and 
u. It is not hard to see that each 9{ is equivalent to a conjunction of literals of the form 

a<x<bAc<u<dAex<u<fx 

where each <i is either < or < (and some of the conjuncts may be absent). T mu i t [F] U {0 < 
x, x < r, u = x 2 } proves this equivalent to a conjunction of the form 

a<x<i&Aa 2 <iu<i6 2 Aax<iu<i6x (5-3) 

for some a, b in [0, 1], and from the point of view of T add [F] U {2x — 1 < u}, each of these 
disjuncts is no weaker than the original. Thus it suffices to prove the claim for interpolants 
that are of the form ()5.3|) • 
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Now, T a dd[F] U {u < 2x — 1} refutes 9 if and only if it refutes each disjunct. Thus the 
following lemma is crucial to our analysis. 

Lemma 5.5. For a, b in [0, 1), T a dd[F] U {2x — 1 < u} refutes H5.3|) . for any versions of the 
relation <, if and only if b < 1/(2 — a). 

Proof. If fe < a, T add [F] U {2x - 1 < u} easily refutes (fOj) . and b < 1/(2 - a) holds. So it 
suffices to consider the case a < b. 

We need only work through the Fourier-Motzkin procedure by hand. Eliminating u, 
we obtain the inequalities a 2 < 2x — 1 and ax < 2x — 1. (Note that we get strict inequality, 
whether the initial <'s are strict inequalities or not.) Solving for x, we obtain (a 2 + 1)/2 < x 
and 1/(2 — a) < x. Eliminating x, we get (a 2 + l)/2 < b and 1/(2 - a) < b. This yields 
a contradiction if and only if b is less than or equal to the minimum of (a 2 + l)/2 and 
1/(2 — a). A calculation shows that the latter is always smaller for a £ [0, 1), so we have 
the desired conclusion. □ 

We Ccin now finish off the proof of Theorem I^T^l Suppose Trnuit 

[F] U {0 < x, x < r, u = 

x 2 } proves a disjunction 9\ V. . . V9 n with each 9i of the form (|5.3j) for some etj and 6j. If any 
of the intervals (cij, 6j) overlap, we can strengthen some disjuncts (and eliminate redundant 
ones) and obtain an equivalent interpolant where the intervals (o^, 6j) are disjoint and are 
listed so that for each i, m < a.i + \. On the other hand, T a dd[F] U {2x — 1 < u} refutes 8 
if and only if it refutes each and if this is the case, it is certainly true for any 9[ such 
that T a dd[F] U {2x — 1 < u} proves 9[ — * 9^. Thus, from the point of view of proving the 
"only if" direction of the theorem, we may assume, without loss of generality, that 8 is a 
disjunction of formulas of the form (|5.3|) . and the intervals (aj,6j) corresponding to the a 
and b in each 9i are increasing and disjoint. 

But then it is clear that T mu n[F] U {0 < x,x < r, u = x 2 } proves 9\ V . . . V 9 n if and 
only if 

(1) a = 0, 

(2) bi = a.j + i, for each i < n, 

(3) a n = r, 

and the <'s are chosen suitably. Lemma 15.51 guarantees that for each i, a^+i < 1/(2 — a^). 
The largest possible value of r occurs when the inequality is replaced by an equality a^+i = 
1/(2 — aj), and a calculation shows that in that case, en = + 1) for each i <n. 

This proves the "only if" direction of the theorem, establishing an upper bound on the 
possible values of r. But the proof in fact yields an interpolant that shows that the upper 
bound can be obtained: if each 9i is the formula 

o-i < x < a,i + i A a 2 < u < a 2 +1 A aix < u < a^+ix 

with a» = + 1), then T mu i t [F] U {0 < x,x < r,u = x 2 } proves ^ V ... V 9 n , and 
T a dd[F] U {2x — 1 < u} refutes each 8{. □ 

6. Provability of a universal sentence in T[F] 

In this section, we will provide various characterizations of provability of a universal 
sentence in These will be used in Section [3 to establish our decidability results. 

By Proposition 12.21 if ip is a universal sentence in the language of some T[.F], (p is 
equivalent to a formula of the form Vx (tp a dd{x) V (p mu it(%)), where (f a dd and ip mu it are in 
the language of T add [F} and T mult {F], respectively. 
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Proposition 6.1. Let p = Vx (p a dd{x) V p m ult{x)) be as above. Then the following are 
equivalent: 

(1) T[F] proves p. 

(2) There is a quantifier-free formula 9(x) in the language T comm [F] such that T add [F] U 
{9(x)} h ifadd(x) and T m . u | f [F] U {^0(x)} h p> mu it(x). 

(3) There is a quantifier-free formula 0(x) in the language T comm [F] such that 

Vx (0(x) -> ipadd{x)) and Vx (->0(z) -> vWt(z)) 
hold of the real numbers, with the intended interpretation of the auxiliary function 
symbols. 

Proof. If 2 holds, then clearly T[F] proves <p add {%) V <P mult (%) • Thus 2 implies 1. Conversely, 
if T[F] proves <p, it proves ->p m ult(x) ~^ ¥add{x)- Treating x as new constants and applying 
the Craig interpolation lemma, we get an interpolant 9(x) in the language of T comm [F] 
satisfying the conclusion of 2. Since T comm [F] has quantifier-elimination, we can assume 
without loss of generality that 9{x) is quantifier- free. 

The equivalence of 2 and 3 follows easily from the fact that each of T add [F] and T mu i t [F] 
is a complete theory that holds of the reals numbers with the intended interpretation of the 
auxiliary function symbols. □ 

From a model-theoretic perspective, it is useful to replace provability by nonexistence 
of a countermodel. When we say T(x) is a type over a theory T, we mean that T is a set of 
formulas in the language of T, involving only the free variables x, such that T is consistent 
with T. Saying T(x) is a complete type means that for every formula ip(x), either ip(x) or 
->ip(x) is in r(x). 

Proposition 6.2. Let ip = Vx (p a dd(x) V p mu it{x)) be as above. Then the following are 
equivalent: 

(1) T[F] does not prove p. 

(2) T[F] U {-k/?} is consistent. 

(3) The union of T add [F] U {^p a dd(x)} and T mu i t [F] U {^p mu it(x)} is consistent. 

(4) There is a complete type T(x) over T comm [F] such that 

Tadd [F] U r(x) U {^padd {x)} and T mult [F] U T(x) U {^p mu it {x)} 
are both consistent. 

(5) There is a complete type T(x) over T comm [F] such that for every finite r'(x) C T(x), 

T add [F] h 3x (/\r'(x) A ^padd(x)) 

and 

T muH [F] h 3x (/\r'(x) A -^ mMtt (x)). 

(6) There is a complete type T(x) over T comm [F] such that for every finite r'(x) C T(x), 
there are real numbers x and y satisfying 

T'(x) A ^Padd{x) A r'(y) A ^Pmult{y)- 

Proof. In light of the soundness and completeness of first-order logic, 1 is just a restatement 
of 2, and the equivalence with 3 follows from the definition of p in terms of p a dd and 
<Pmult- The equivalence of 3 with 4 follows by the Robinson joint consistency theorem, or, 
equivalently, from the Craig interpolation theorem, using compactness. 
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That statement 4 implies statement 5 follows from the fact that T a dd[F] and T mu n[F] 
are both complete theories; for example, T a dd[F] U T'(x) U {^ a dd(x)} is consistent if and 
only if T a dd[F] proves 3x (/\T'(x) A -«p a dd(x))- The converse is immediate. 

The equivalence of 5 and 6 follows from the fact that each of T a dd [F] and T mu i t [F] is 
the theory of the real numbers in the respective languages. □ 

Note that the equivalence of 1-4 holds, in general, for any two theories. The equivalence 
with 5 relies only on the fact that T a dd[F] and T mu i t [F] are complete, and the equivalence 
with 6 relies only on the additional fact that they are satisfied by the reals. 

Statement 6 provides a nice characterization of provability in T[F]. A universal sentence 
ip is true of the reals if and only if every sequence x of reals satisfies either (p a dd(x) or 
ip mu it(x). But a universal sentence (p is provable in T[F] if and only if for every complete 
type T(x) in the language of T comm [F], there is a finite subset r'(x) such that either 

vx (/\r' (x) -> <Padd(x)) or Vx (/\T'(x) -> ip mu it(x)) 

holds in the reals. In particular, this has to hold whenever T(x) is the type corresponding 
to a sequence of real numbers; but we will see below that there are types in the language of 
T CO mm[F] that are not of this form. Thus, provability in T[F] imposes a stronger require- 
ment. 

In the remainder of this section, we consider various representations of the quantifier- 
free formulas tp a dd(x), <-Pmuit{x), and the possible interpolants 9{x). We also consider rep- 
resentations of the types T(x). The former will be relevant to the discussion of heuristic 
algorithms in Sections I12H14I whereas the latter will be used in our decidability proofs in 
Section 

Let if = Vx (tpadd(x) V (p mu it(x)) be as above. Since Vy ip(y) is equivalent to Vy > 
ip(y) A ip(0) A Vy > t/}(— y), as in the proof of Proposition VA.'Ai any universal sentence 
if is equivalent to a conjunction of formulas of the form Vx > (if a dd(x) V f mu it(x)). We 
can absorb the condition x > into both (p a dd(x) and (p m uit(x). By adding a new variable 
if necessary, we can also assume that each includes the condition x\ = 1, and it will be 
notationally convenient to do so. Thus, for the rest of this section, we will assume that 
ip is a universal formula of the form Vx {(f a dd{x) V (p mu it(x)) where if a dd{x) and <p mu it{x) 
are quantifier- free in the language of Fadd [F] and T mu n [F], respectively, and ->(p a dd(x) and 
~^(Pmuit{x) each implies x > and x\ = 1. The question as to the decidability of the universal 
fragment of T[F] reduces to the question as to whether one can determine whether T[F] 
proves a sentence of this form. Let A(x) be the set {x > 0, x\ = 1}. 

Proposition 6.3. Under hypotheses A(x), a quantifier- free formula in the language of 

F C omm 

[F] can be put in any of the following forms: 

(1) a conjunction of disjunctions of atomic formulas of the form x, < axj or Xj < axj, 
with a > 0. 

(2) a conjunction of disjunctions of atomic formulas of the form Xj < axj, with a > 0, 
or of the form Xj = axj with a > and % < j. 

(3) either 1 or 2, with "conjunction" and "disjunction" switched. 

Proof. Let 9 be quantifier-free. First, put 6 in negation-normal form, so that it is built up 
from atomic formulas and negations of atomic formulas using A and V. Replace s -ft t by 
t < s, replace s j£ t by t < s, and replace s ^ t by s < t y t < s. As a result, all atomic 
literals occur positively. One can further eliminate either s < t in favor of s < t V s = t, or 
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one can eliminate s = t in favor of s < t At < s. The resulting formula can then be put in 
either disjunctive or conjunctive normal form, without introducing negations. 

In the end, all the atomic formulas are of the form axi < bxj, axi < bxj, or axi = bxj. 
Dividing through by b (and reversing an inequality when b is negative), we can assume that 
in each case 6 = 1. With the assumptions in A, each atomic formula in which a is negative 
can be replaced by either T or _L. Then inequalities axi < xj (resp. ax, t < xj) can be 
expressed as x,- t < (l/a)xj (resp. xi < (l/a)xj), as necessary, and equalities X j — (XX i Cclll DG 
rewritten Xi = (l/a)xj when i < j. □ 

Such normal forms can be useful in reducing the problem of proof search to restricted 
cases. From an implementation point of view, not all these reductions are wise, however; 
for example, using case splits to ensure that the x's are all positive or to eliminate s < t 
in favor of s < t or s = t can result in an exponential blowup. In the absence of sign 
information, the normal forms are more complicated. For example, although x 2 > 2x3 can 
be expressed as X3 < (l/2)x2, x 2 > —X3 cannot be expressed in the form x% < axj. Also, 
in the absence of sign information, neither of X2 < X3 and X2 < 2x3 implies the other. In 
that case, one has to consider normal forms with atomic formulas from among Xi < axj, 
X{ < axj, Xi > axj, and Xi > axj. A little thought shows that in a single conjunction or 
disjunction, for each pair i,j, no more than two such formulas are needed; see also the proof 
of Proposition 112.21 

We can similarly classify the complete types over T comm [F]. Let T(x) D A(x) be such 
a type. Since T comm [F] has quantifier elimination, T is determined by the atomic formulas 
that it contains. Hence it is also determined by its subsets Tij(xi, Xj), with i < j, where 
Tij consists of the atomic formulas involving both Xi and Xj. If Tij contains a formula of 
the form Xi = axj, that determines the set F{j uniquely. We denote this type by T x ./ X . =a . 
Otherwise, Y%j contains the formula Xi 7^ axj for every a in F, and so Tij is determined by 
the set of elements a such that T^j contains the formula Xj < axj. This set is a downwards- 
closed subset of the positive part of F; think of it as the set of a such that Xi/xj < a. 
If this set is empty, that determines Tij uniquely, and we denote the corresponding type 
^Xi/x^oo- Otherwise, the set has a greatest lower bound in the real numbers, say, r. If r is 
not an element of F, then I\ contains Xi < axj exactly when r < a, and this determines 
Tij exactly; we denote the resulting type by T x .j x .^ r . If, on the other hand, r is an element 
a of F, there are two possibilities: Tij contains the formula Xi < axj, or it does not (in 
which case it contains the formula Xj < (l/a)xi). Denote the first type by T Xi j x .~ a - , and 
denote the second by F Xi / Xj ~ a +- 

In short, we have shown the following: 

Proposition 6.4. Let T(x) be any complete type over T comm [F] that includes A(x). Then 
for each i < j, T includes exactly one of the following: 

(!) Fxi/ Xj =a, for some a in F 
(2) T x ./ X .~ r , for some r in R \ F 

( 4 ) r x ./ Xj!aa - , for some a in F 

(5) r z ./ a . j . Rjo +, for some a in F 
These data determine V uniquely. 

Note that not every collection of sets T x ./ X . determines a consistent type over T comm [F]; 
for example, the sets F Xl / X2=2 , F X2 / Xs=2 , and T Xx / Xz= 2 are jointly inconsistent. 
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In the next section, we will combine the analysis given by Proposition l6.41 together with 
equivalence 6 of Proposition 16.21 to show that, with general conditions on F, the universal 
fragment of T[F] is decidable. 

7. Decidability 

Let ip = Vx (tp a dd(x) V ip mu it{x)) be as in the previous section, so that (p a dd and <p m uit 
are quantifier- free formulas in the language of Tadd \^\ and T mu n [F] respectively, and each 
of ~^fadd(x) and ^<p mu it(%) implies x > and x\ = 1. We have seen that the decidability of 
the universal fragment of T[F] reduces to the problem of determining whether T[F] proves 
a formula tp of this sort; and that T[F] does not prove such a (p if and only if 

there is a complete type T(x) over T comm [F~\ such that for every finite r'(x) C 

T(x), the sentence 

3x (f\T'(x) A -^ifaddix)) A 3x (f\T'{x) A ^<p muU (x)) 

is true of the real numbers. 
Call this the "consistency criterion for -itp." We also have a complete classification of 
the relevant types T(x). In this section, we will use the latter to show that when F is a 
computable subfield of R and membership of a real algebraic number in F is decidable, the 
consistency criterion for —up is decidable. 

Fix tp and F, and hence p a dd{x) and <p mu it(x)- If T{x) is any set of atomic formulas 
in the language of T comm [F] involving the variables x and % < j, let T{j denote the set of 
formulas in T involving Xi and Xj. Let S be the collection of sets T such that for each i < j, 
Tij is one of the types described in Proposition 16.41 Since each such T consistent with 
T comm [F] uniquely determines the complete type that extends it, we can replace "complete 
type T(x) over T comm [F]" by 'T G 5" in the consistency criterion for -up. 

We now show that we can modify the collection of sets S to avoid the restrictions 
"a G -F" in the clauses of Proposition 16.41 To do so, we consider types in the larger 
language, T comm [R\. Let the types T Xi / Xj=a , T x ./ X T x ./ Xj!iJoo , T x . /x .„ a -, and T x ./ X . aa + 
be defined as in the paragraph before Proposition 16.41 except with respect to the language 
of T comm [R]. Let S be the sets T of atomic formulas in T comm [M] such that for each i < j, 
Tij is one of the following: 

(1) r Xi /x-=ai f° r some a in R 

(2) T Xi / x .~ r , for some r in R \ F 

(4) Txi/x-asa- , for some a in R 

(5) T Xi/Xj ~ a +, for some a in R 

Note that we have replaced "o £ F" by "a G R" in the first item and in the last two items, 
but we have left R \ F alone in the second item. 

Lemma 7.1. The consistency criterion for —up is satisfied by a set r G S if and only if it is 
satisfied by a set T G S. 

Proof. Suppose the consistency criterion is satisfied by some r G S. It is easy to check that 
it is then satisfied by the corresponding set T G S. 
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In the other direction, note that if a is in R \ F, then each of T x ./ Xj=a , T x ./ X .~ a - , 
and ~r Xi / X] ~ a + includes T Xi / x .~ a . Thus every set T £ S includes a set V £ S. So, if the 
consistency criterion is satisfied by some T £ S, it is satisfied by some r £ 5. □ 

We now parameterize the finite subsets of each T £ S. For each e > 0, we define a 
formula 

t[e] = f\t h3 [e], 

i<j 

where 

(1) Y Xi i x . =a [e\ is the formula X 2 (XX n 

(2) f Xi/a ,_ r [e] is (r - e) Xj < a* < (r + e)x s 

(3) T x . /x . KOO is Xi > (l/e)xj 

( 4 ) Fxi/xjiva- is (° - e )^j <Xi< axj 

( 5 ) f Ij / I . (Sa + is axj <Xi<{a + e)x j 

For every e, r[e] is implied by some finite subset of V. Conversely, every finite subset of T 
is implied by T[e] for some e > 0, and, in fact, for an e of the form 1/n for some n £ N. 
Thus the consistency criterion for —up is equivalent to the following: 

there is a set T £ 5 such that for every e > 0, the sentence 
3x (f [e] A -^(padd{x)) A 3x (f[e] A ->(p mv jt{x)) 

is true of the real numbers. 
The sets T £ S, and the corresponding formulas T[e], are parameterized by tuples of symbols 
from the set 

{'=a' | a £ R} U {'«r' | r £ M \ F} U {'oo'} U {'^a - ' | a £ R} U {'«a+' | a £ R}. 

When i 7 = R, there are no sets with parameters of the second kind, and so the consistency 
criterion can be expressed in the language of real closed fields. By Theorem 14.41 T[R] is a 
conservative extension of T[A]. Thus we have: 

Theorem 7.2. The universal fragment of T[A] is decidable. □ 

When F is a proper subfield of R, the revised consistency criterion for —xp can be 
expressed as a sentence of the form 

3r £ R \ F 3a £ R Ve > 3f , x' 9 

where 9 is a quantifier-free formula in the language of real closed fields. By quantifier- 
elimination for real closed fields, this is equivalent to a sentence of the form 3f £ R \ F rj, 
where rj is a quantifier- free formula in the language of real closed fields. Say F is a sufficiently 
computable subfield of R if F is a computable subfield of R and there is an algorithm to 
determine whether a real algebraic number a (described in terms of a definition, say, in the 
language of real closed fields) is in F. 

Theorem 7.3. For any sufficiently computable FC|, the universal fragment of T[F] is 
decidable. 

By our analysis of the consistency criterion, Theorem 17.31 is a consequence of the fol- 
lowing: 
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Theorem 7.4. For any sufficiently computable F C R, there is an algorithm to decide 
whether a sentence of the form 3x <f(x) holds of the reals, where ip is a formula in 

the language of real closed fields. 

We will prove something more general. Let R be any real closed field. A function h{x) 
or a predicate E{x) on R is said to be semialgebraic if it is definable in the language of 
real-closed fields without parameters. 

Theorem 7.5. Let R be any real closed field, and let F be any proper subfield of R. If 
E, h±, . . . , h m are semialgebraic, then 

3xi $ F . . . 3x n F (E(x, y) A h x {x,y) £ F A . . . A h m (x, y) F) 

is equivalent to a positive boolean combination of assertions of the form D(y) and g(y) F, 
where D and g are semialgebraic. Furthermore, there is an algorithm for determining an 
expression of this form from (presentations of) E, hi, . . . , h m . This algorithm does not 
depend on R or F. 

In particular, when there are no variables y, Theorem 17.51 asserts that any assertion of 
the form 3x G R \ F E(x) is effectively equivalent to a boolean combination of sentences 
in the language of real-closed fields and assertions of the form g F, where g is a real 
algebraic constant. Thus Theorem 17.51 implies Theorem 17.41 

Proof. We use induction on n. When n = there is nothing to do. Suppose the theorem is 
true for n. Then 

3x x <t F . . . 3x n+1 F {E(x, y) f\hi{y) F A ... A h m {y) F) 

is equivalent to 3x\ F ifj(xi,y), where ip has the requisite form. We can then write tp as 
a disjunction of formulas of the form 

D(xi, y) /\gi{xi,y) F A . . . A gi(x 1} y) F 

where D, gi, . . . , gi are semialgebraic. Since we can factor the existential quantifier 3x\ 
across the disjunction, it suffices to prove Theorem 17. 51 for the special case n = 1. 

So, resorting to the original notation, let E(x, y), h\{x, y), . . . , h m (x, y) be semialgebraic. 
We need to show that 

3xeR\F (E{x,y)Ah 1 {x,y) F A . . . h m (x,y) $ F) (7.1) 

is equivalent to a positive boolean combination of assertions D{y) and g{y) F, for semi- 
algebraic D and g. 

By the theory of definability in real closed fields [SI for each fixed y, the set 
{x | E(x,y)} is a finite union of disjoint intervals (including intervals of the form (— oo,a), 
(— oo,a], (a,oo), and [a,oo)) with endpoints that are definable in the parameters y. Simi- 
larly, fixing y, for all but finitely many points x of R all the functions hi are either locally 
increasing or locally decreasing or locally constant at x. A bound p on the number of such 
intervals and exceptional points, independent of y, can be determined effectively from the 
presentations of E, hi, . . . , h m . Furthermore, for fixed n, terms like "the left endpoint of 
the nth interval (in increasing order) in the decomposition of {x \ E(x,y)}, if there is one, 
or otherwise" and "the nth point at which one of the h^s is neither locally monotone nor 
locally constant, if there is one, or otherwise" are semialgebraic functions of y. 

As a result, for each fixed y, there is a sequence of at most p disjoint nonempty open 
intervals Ji,...,J q and at most p exceptional points ui, . . . ,u r such that 
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• {x | E(x,y)} = J\ U . . . U J q U {tii, • • • , u r }, and 

• on each interval J n , all the functions hi are either monotone or constant. 
Furthermore, all the following are semialgebraic in y: 

• the predicates D q ^ r (y), where q, r < p, which assert that there are exactly q intervals 
in the decomposition of {x \ E(x,y)} and r exceptional points; 

• the predicate Gi^ n {y) which asserts that hi (as a function of x), is constant on J n ; 
and 

• the functions ki^ n {y) which return the value of hi on J n , if hi is constant on J n , or 
otherwise. 

Given y, assuming that there are q intervals J n and r exceptional points, we claim that 
(|7.1|) is equivalent to the following disjunction: 

(1) there is an interval J n , n = 1, . . . ,q, such that for each function hi, if hi is constant 
on J n , then the value of hi on J n is not in F; or 

(2) for one of the exceptional points u n , n = 1, . . . , r, we have u n F, and hi(u n ) F 
for each i. 

By the preceding paragraph, this can be expressed as a positive boolean combination ip qtr (y) 
of assertions of the form H(y) and l(y) F, where H and / are semialgebraic. This means 
that the expression 

\y (zv(y)AVv(£)) 

q,r<p 

is of the requisite form. Thus, to complete the proof of Theorem 17.51 it suffices to establish 
the equivalence of (|7.1|) with the disjunction of 1 and 2. 

Suppose (|7.1|) holds, and, given y, let x F witness the existential quantifier. Since 
E(x, y) holds, either x is in J n for some n, in which case clause 1 holds, or x is one of the 
exceptional points u n , in which case clause 2 holds. 

Conversely, given y, suppose either 1 or 2 holds. If 2 holds, then that exceptional 
value u n witnesses the existential quantifier in (|7,1|) . So assume 1 holds, and let J be an 
interval on which all the functions that are constant take a value not in F. Renumbering, 
let hi, . . . , hi be functions that are not constant on J. It suffices to show that there is an 
x £ J \ F such that h\{x, y), . . . , h[(x, y) are not in F. 

We consider two cases. First, suppose R properly contains the real algebraic closure of 
F(y) in R. Then one can choose an x transcendental over F(y) in the interval J. This x has 
the desired property: if hi(x, y) = a for some i = 1 . . . I, then hi(x, y) — a = is a nontrivial 
algebraic identity in y and elements of F, contradiction. Otherwise, R is equal to the real 
algebraic closure of F(y) in R. Since F is properly contained in R, we can choose an x with 
sufficiently high algebraic degree over F(y), in which case an equality hi(x,y) = a for some 
i = 1 . . .1 again yields a contradiction. □ 

Note that in the instance of Theorem 17.51 needed for Theorem 17.41 R = M and F is a 
countable subfield, in which case the implication from 1 to ()7.1|) in the last paragraph of 
the preceding proof follows more easily from cardinality considerations. 

8. Normal forms 

When dealing with an associative and commutative operation like addition, it is com- 
mon to put terms in an appropriate normal form. For example, one can always rearrange 
a sum ti + ... + t n so that parentheses are associated, say, to the left, and t\,...,t n are 
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ordered according to a fixed ordering of terms; this makes it easy to tell whether or not 
two such sums agree up to the associativity and commutativity of addition. In the theories 
T[.F], not only do we have addition and multiplication (as well as subtraction and division), 
but also multiplication by constants from F. In this section, we will show that one can still, 
fruitfully, put terms in T[F] into a normal form. This provides an algorithm for testing 
whether two terms are provably equal: just put them in normal form, and compare. 

In fact, to show that normal forms are unique, we will take care to define an ordering 
on these terms that is compatible with the axioms for < in Tfi 7 ]. This will enable us to 
construct a term model of T[F] in which different terms in normal form denote different 
elements. It will also enable us to show that any equality between terms that can be 
established in T[F] can be proved without using the ordering. 

We define a set of preterms inductively, each with an associated rank, as follows. For 
each n, a preterm of rank In + 1 is called an "additive preterm," and a preterm of rank 
2n + 2 is called a "multiplicative preterm." A preterm of rank is called a "basic preterm." 

• Each variable, x,y,z, . . . is a preterm of rank 0, as well as the constant, 1. 

• For n greater than and odd, if t±, . . . ,t k are multiplicative or basic preterms of 
rank at most n — 1, k > 2, a±, . . . a k are nonzero elements of F, and at least one t{ 
has rank n — 1, then a\t\ + 02^2 + • • • + Ofc^fc is a preterm of rank n. 

• For n greater than and even, if t\, . . . , t k are additive or basic preterms of rank at 
most 7i—l and other than 1, i\, . . . , i k are nonzero integers, either k > 2 or i\ 7^ 1, 
and at least one tj has rank at least n — 2, then t l ^t l 2 2 ■ ■ ■ t k k is a preterm of rank n. 

Here parentheses in products and sums are assumed to associate to the left, and for an 
integer i, t % is the i-fold product of t with itself if i is positive, or 1 divided by the —i- 
fold product of t with itself if i is negative. Note that there is no constant multiplier for 
multiplicative preterms. The condition "k > 2 or i\ / 1" in the third clause allows x 2 , for 
example, but rules out x 1 . 

We now define, simultaneously, a normal form for preterms together with an ordering 
s -< t on preterms in normal form. We assume that variables have been indexed x\,x%,.... 
For each n, we define the notion of normal form, as well as the ordering, for terms of rank 
at most n, as follows: 

(1) n = 0: Each basic preterm is in normal form. These are ordered 1 y xi y X2 >- ■ ■ ■ 

(2) n > 0, odd: An additive preterm a\t\ + 02*2 + • ■ ■ + «aA is in normal form if and 
only if each tj is in normal form, t\ y t<i y . . . y and a± = 1. 

To define s -< t when at least one of s and t has rank n and the other has rank 
at most n, write 

s = a\U\ + a 2 ii2 + • • • + a k u k 

and 

t = biui + b 2 U2 + • • • + b k u k 
where u\ y u 2 y ■ ■ ■ y u k are preterms of rank at most n — 1, and now the aj's and 
biS are allowed to be 0. Then use lexicographic order: s -< t if and only if a, L / b, L 
for some i and <2j < bi for the least such i. 

(3) n > 0, even: A multiplicative preterm t^t^ "'tft ls in normal form if and only if 
each t m is in normal form, and t\ y t 2 y ■ . . y t k . To compare two multiplicative 
preterms of rank at most n, the procedure is slightly more complicated now, since 
we now consider the standing of the subterms in relation to the basic preterm 1. 
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Write the subterms Si occurring in s and the subterms tj occurring t, together with 
the preterm 1, in ^-decreasing order as u%, . . . , u m , 1, u m+ i, . . . , uj-. Then express 

• = «fi^-ii*r-i.utfj...«jj' (8.i) 

and 

t = u{V 2 2 ■■■ut-l- • • • u{ k (8.2) 

where now the i n 's and j n 's may be 0. We now say s -< t if and only if 

• there is an n < m such that i n ^ j n , and, for the least such n, i n < j n ; or 

• For every n < m, i n = j n , but there is some n > m such that i n ^ j n , and 
in > jn for the largest such n. 

Note that the clause 1 of the definition of >- makes sense if we think of the variables as 
being positive values, with each infinitesimally small compared to X{ and 1. Clause 2, 
which treats the case where the term of highest rank is additive, is also intuitively consistent 
with an interpretation of -< as denoting a relation, "is infinitely smaller than," on positive 
numbers. Clause 3, which treats the case where the term of highest rank is multiplicative, 
has similarly been designed to admit such an interpretation. The main constraint there was 
to ensure that the ordering cohere, in the following sense: 

Lemma 8.1. Let n > be even, and let s and t be preterms of rank less than or equal to 
n. Then the ordering of s and t is equivalent to the order obtained under clause 3, when s 
and t are put in the form (|8.1|) and (|8.2|) . respectively. □ 

Lemma 18. II is needed to prove Lemma 18.61 The proof proceeds by running through the 
cases where each of s and t is a variable, the constant 1, an additive term, or a multiplicative 
term. For example, if s and t are additive and 1 >- s >- t, one easily verifies that >- ls°t 1 
under Clause 3. The other cases are similarly straightforward. 

Say that a term is in normal form if it is either or of the form at, where t is a preterm 
in normal form and a is a nonzero element of F . Let T f a ^ [F] be the restriction of T a ^d [F] to 
the language without the ordering < . Let T' mult [F] be corresponding restriction of T mu i t [F] . 
Let T'[F] = T' add [F] U T' mult [F\. It is straightforward to verify the following: 

Theorem 8.2. For every term t, there is a term t in normal form, such that T'[F] proves 
t = t. □ 

Our main goal, in this section, is to prove the following: 

Theorem 8.3. If s and t are terms in normal form, and T[F] proves s = t, then s = t. 

Note that the last equality is syntactic equality; in other words, T proves that two 
terms in normal form are equal if and only if they are the same term. 
As corollaries, we obtain the following: 

Corollary 8.4. There is an efficient procedure for determining whether T[F] proves s = t. 

Proof. Just put s and t in normal form, and compare. □ 

Corollary 8.5. T[F] and T'[F] have the same provable equalities. 



Proof. If T[F] proves s = t, then s and t have the same normal form u. Since T'[F] proves 
s = u and t = u, it proves s = t. □ 
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To prove Theorem 18. 3| first let us extend the ordering -< from preterms in normal form 
to terms in normal form, as follows: if s and t are preterms in normal form, then 

• -< at if and only if a > 0. 

• at -< if and only if a < 0. 

• ^ 

• as -< bt if and only if: 

— a is negative, and b is positive 

— a and b are both positive, and either s -< t or s = t and a < b 

— a and 6 are both negative, and either s >~ t or s = t and a < b 
It suffices to show 

Lemma 8.6. There is a model M of T[F] such that if s and t are terms in normal form 
and s -< t, then s < f holds in A4. 

Proof. Note that operations of addition, subtraction, multiplication, and division are natu- 
rally defined on terms in normal form. For example, suppose a{a\S\ + a2S2 + ■ • • + Ofc s fc) an d 
b{b\t\ + 62^2 + • • • + b[Si). To express their sum as a term in normal form, multiply through 
by a and 6, respectively, combine terms, and express the sum as c\U\ + C2U2 + . . . + c m u m , 
where u\ >- 112 >- ■ ■ ■ y u m and each Cj 7^ 0, or 0. In the former case, the desired normal- 
form term is c\{u\ + (c2/cx)«2 + • ■ ■ + (c m /ci)u m ). This term model almost satisfies the 
claim of Lemma l8.61 it satisfies all the axioms of T[F] indicated in Section |1J except for the 
axiom that asserts that the multiplicative group of positive elements is divisible. That is, 
all that is missing are nth roots of positive elements. To remedy the situation, we embed 
this term model in an expanded set of formal terms, defined as follows. 

Let F 1 be the smallest subfield of R that includes F and is closed under nth roots of 
positive elements, for positive n. Define the set of extended preterms inductively, as above, 
with the following changes: 

• in the additive extended preterms a\t\ + . . . + a^tk, the coefficients are taken from 
F'; and 

• multiplicative extended preterms are taken to be formal products t^t^ 2 • ■ ■ t l £ where 
now the exponents ij are rational numbers. 

Define the set of extended preterms in normal form, the ordering on these, the set of 
extended terms in normal form, and the ordering on these, exactly as before. Once again, 
operations of addition and multiplication can be defined on extended terms in normal form. 
Lemma 18. 11 as well as the analogue for additive preterms, carry over to extended preterms 
as well. 

Let A4 be the model whose universe is the set of extended terms in normal form, with 
the associated ordering and operations of addition and multiplication. Clearly there is an 
embedding of the set of terms in normal form into the set of extended terms in normal form 
which preserves all the operations. So it suffices to show that Ai satisfies T[F]. 

We simply run through the axioms given in Sectional Verifying the axioms of T comm [F] 
is straightforward, as well as the fact that the terms form an abelian group under addition, 
and the positive terms form an abelian group under multiplication. 

To show that the ordering is compatible with multiplication of positive elements, we 
need to show that s -< t — > su -< tu holds of positive terms s, t, u in normal form. Let 
s = as' , t = bt' , and u = cu' where s' , t', and v! are preterms in normal form, and a, b, and 
c are positive. Then su = (ac)s'u' and tu = (bcjt'u'. Since s ~< t, we have either s' ~< t', 
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or s' = t' and a < b. In the first case, Lemma 18,11 and Clause 3 of the definition of -< 
guarantees that s'u' -< t'u' , and hence su -< tu. In the second case, s'u' = t'u' and ac < be, 
so, again, su -< tu. 

Showing that the ordering is compatible with addition is similarly straightforward. So 
we only need to show that the multiplicative group of positive elements is divisible. Let at 
be an extended term in normal form satisfying at y 0. Then a > 0, and we can view t as 
a multiplicative preterm t^t^ ■ ■ ■ tu, possibly with k = 1 and i\ = 1. But this has nth root 
yfat % ^ n t % 2^ n . . . t l ^ n , where this is identified with yfati if k = 1 and i\jn = 1. □ 

We note that the complicated definition of -< in the multiplicative clause of the ordering 
of preterms was designed to ensure that -< is compatible with the axioms of This, 
in turn, was used to construct the term model in the proof of Theorem 18.31 Theorem 18.31 
remains true, however, for a simpler version of -<, in which we simply use a lexicographic 
ordering at the multiplicative stage. This simpler ordering, and the associated normal forms, 
are more amenable to implementation. (Indeed, it may also be natural to order terms of 
lower rank before terms of higher rank.) To derive the variant of Theorem 18.31 for these 
normal forms, it suffices to show that the map from terms in the simpler normal form to 
the normal form we have used here is injective. In other words, it suffices to show that if s 
and t are in the simpler normal form, u a term in the normal form we have used here, and 
T[F] proves both s = u and t = u, then s and t are syntactically identical. This can be 
done by a careful induction on the maximum rank of s and t. 

Note also that it is harmless, and again useful from an implementation point of view, 
to extend the language of T[F] to include exponentiation to arbitrary integers. Since nth 
roots of positive elements can be defined in T[_F], one can similarly expand the language 
of T[F] to allow nth root functions for positive n, or even exponentiation to any rational 
power. One has to be careful, however, to provide a consistent interpretation of the nth 
root function on negative elements, and natural simplifications may depend on knowing the 
sign of the relevant terms. For example, vr can be simplified to x if x is positive and — x if 
x is negative. For that reason, determining an appropriate normal form representation for 
terms involving nth roots is more complicated. Similar complications arise in obtaining an 
adequate handling of absolute value, max, and min. The issue of obtaining useful canonical 
representations for such extensions is of practical importance, and is discussed further in 
Section El below. 

Finally, we note that the method of computing normal forms only gives a decision 
procedure for provable equations in the absence of hypotheses. For example, T[F] proves 
1 + x 2 + y 2 ^ (or, equivalently, 1 + x 2 + y 2 = — ► = 1), but this is not provable in T'f-F]. 

9. Building models of T[F] 

In Sections 1101 and ITT1 our goal will be to prove undecidability results (and conditional 
undecidability results) for the theories T[.F]. Recall the alternative formulations T[F]* 
introduced in Section |2J in the language with symbols 0,1,+, x,< and constants c a for 
each a E F. In light of Theorem 14. 3( we will work exclusively with the theories T[.F]*. Our 
strategy will be to build models of T[.F]* in which F and Z are, respectively, definable. In 
this section, we will develop techniques for building such models. 
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Let 1Z = {R, <,+,—, x) be an ordered real closed field extending the countable ordered 
subfield F C R. More specifically, we assume that F is a subfield of 1Z, where the ordering 
on F agrees with the ordering in 1Z. 

Definition 9.1. We say that h is an F-bijection of 1Z if and only if 

(1) h : R — > R is an order preserving bijection. 

(2) /i(0) = and h(l) = 1. 

(3) For all x G -R and a € F, we have h(ax) = ah(x). 

Given an F-bijection /i, we define the structure /i _1 [7£] in the language of T[F]* as 
follows. The domain of /i _1 [7?-] is R. The symbols 0,1,+, and < are interpreted as in 1Z. 
For a S F, c a is interpreted as a. The symbol x is interpreted in /i _1 [7?-] as (8>, defined by 
the equation 

x (8> y = h^ 1 (h(x)h(y)). 
It follows from the definition that x <g> y = z if and only if h{x)h{y) = h{z). Hence h is an 
isomorphism from (R, ®, <) onto (it!, x, <). 

Theorem 9.2. Let h be an F-bijection of K. The model /i _1 [7£] satisfies T[F]*. 

Proof. Recall the axiomatization of T[F]* given in Section 0J We first verify axioms 1,2 in 
h~ l [lZ\. The group given by 0, +, < is obviously an ordered commutative group. Since h is 
an isomorphism from {R, (g), <) onto {R, x , <), we have that 1, x , < is a divisible ordered 
commutative group on the positive elements of R. 

Axioms 3a-3c obviously hold in h~ l [lZ\. For axioms 4a, 4b, note that for all a £ F, 

a <g> x = /i -1 (h(a)h(x)) = hT x (ah(x)) = ah~ x (h(x)) = ax. 

Hence 

(a + b) (%> x = (a + b)x = axA-bx = a(3x + b(&x 

and 

a®(x+y) = a{x+y) = ax+ay = (a<£>x) + (a®y). □ 

So far, we have only assumed that 1Z is an ordered real closed field extending the count- 
able ordered subfield FCR. We will now need to assume that 1Z obeys some additional 
conditions. Note that R is a densely ordered set. An interval in R is a J C R such that for 
all x < y < z, x, z £ J, y £ R, we have y £ J. J is said to be nontrivial if and only if J has 
infinitely many elements. This is the same as saying that J has at least two elements. 

By a standard saturation argument, we will fix an ordered real closed field 1Z, such that 
the following hold: 

(1) R is countable. 

(2) 7Z extends F in the sense above. 

(3) Let n > 1. Suppose that for all i > 1, gi,hi : R n — > R are 7£-definable, where n 
may depend on i. Then L>igi[F n ] has an upper bound. Furthermore, suppose each 
gi[F n ] lies strictly below each hj[F n ]. Then the interval strictly above each gi[F n ] 
and strictly below each hj[F n ] is nontrivial. 

Here, as always, ^-definability allows the use of parameters from R, and the notation f[S] 
denotes the forward image of / on S. The existence of such a field can be proved by starting 
with a countable ordered real closed subfield Ro of R containing F, and then building a 
countably infinite chain of elementary extensions. At each stage, use compactness to ensure 



COMBINING DECISION PROCEDURES FOR THE REALS 



25 



that the required upper bounds in 3 exist, and also that there are x < y forming the required 
nontrivial intervals. (For similar constructions see, for example, Chapter 5].) 

Below, we will refer to condition 3 as the "saturation condition on F, 7£." We will use 
the terms "lower bound" and "upper bound" in the weak sense (<, >), and we will use 
the terms "strict lower bound" and "strict upper bound" in the strong sense (<, >). For 
xi, . . . ,x n £ R, we write F[x\, . . . , x n ] for the subfield of R obtained by adjoining xi, . . . ,x n 
to F. 

Lemma 9.3. Let x\, . . . , x n , y,z £ R, where y < z. There exists y < w < z such that w is 
not algebraic over F[x\, . . . , x n ]. 

Proof. Let xi, . . . ,x n ,y, z be as given. Let g\,g%,... be "/^-definable functions where the 
union of their images over appropriate Cartesian powers of F consists of all elements l/(u — 
y), where u > y is algebraic over F[x\, . . . ,x n ]. By the saturation property of F, 1Z, these 
elements have a strict upper bound b. Hence y + 1/b is a strict lower bound on these 
elements. Set w = y + 1/b. □ 

Our goal in the next two sections will be to construct .F-bijections of R such that 
properties of Q or Z are coded into /i _1 [7£]. Our strategy will be to iteratively extend 
partial F-homomorphisms until they become total and onto. The following definitions and 
lemmas will support our constructions. 

Definition 9.4. Let V[F, 1Z] be the family of all sets E C R such that for some xi, . . . ,x n £ 
R, n > 0, 

E = {axi | 1 < i < n A a £ F}. 
Let W[F, 7Z] be the set of all partial one-one functions h from R into R such that the 
following hold: 

(1) dom{h) £ V[F,TZ}. 

(2) h is order preserving. 

(3) h(0) = and h(l) = 1. 

(4) For all x £ dom(h) and a £ F, we have h(ax) = ah{x). 

Note that for all h€W[F,K], rng{h) £ V[F,K]. 

Lemma 9.5. Every E £ V[F, R] is the image of an ^-definable function on some F n . 
Every h £ W[F, R] is the restriction of an ^-definable function to its domain. 

Proof. The first claim follows immediately from the definition. For the second claim, fix 
zi, . . . , x n £ R such that dom(h) = {axi \ 1 < i < na £ F}. Then h = h\ U . . . U h n , where 
each hi : {ax^ \ a £ F} — > {ah(xi) : a £ F} is given by hi{axi) = ahi{xi). □ 

Lemma 9.6. For all h £ W[F,Tl], h' 1 £ W[F,K]. 

Proof. Let h £ W[F, 1Z]. For all x,y £ rng(h) = dom{h~ l ), if x < y, then h{h^ 1 (x)) < 
h{h~ l (y)), and so fr 1 (a;) < h~ l {y). Similarly, /t _1 (0) = /i _1 (/i(0)) = and h' 1 ^) = 
h~ l (h(l)) = 1. For any a in F and x in rng(h), h~ 1 (ax) = /i _1 (/i(a)/i(/i _1 (x))) = 
/i _1 (/i(a/i _1 (x))) = ah~ 1 {x), as required. □ 
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The following proposition provides a connection between types over T comm [F], which 
were discussed in Section and the elements of W[F, TZ]. 

Proposition 9.7. Let x%, . . . , x n , y%, . . . , y n be elements of R. Then there is an h E W[F, TZ] 
satisfying h(xi) = yi for every i if and only if x and y have the same types over T comm [F]. 

We will not use Proposition 19.71 below, and so we omit the proof, which is straightfor- 
ward. 

We now determine ways in which elements of W [F, TZ] can be extended. We write fld(h) 
for dom(h) U rng(h). The F -multiples of x E R are the elements ax, for a E F. We write 
h C,i ti if and only if the following hold: 

(1) h,ti E W[F,K]. 

(2) h C ti. 

(3) There exists x E dom(h')\dom(h) such that dom(ti) = dom{ti) [ S{ax \ a E -F\{0}}. 
Here, tt) denotes a disjoint union. Then h C 1 ti is equivalent to the following assertions. 

(1) h,ti E W[F,TZ]. 

(2) /i C //. 

3' There exists y E rng(ti) \ rng(h) such that rng(ti) = rng(h) l±) {ay | a E i 7 \ {0}}. 
Note that h C x // if and only if h~ l C 1 ft/ . Note also that in 3,3' above, x and y are not 
unique, but they are unique up to multiplication by an element of F. 

Lemma 9.8. Let h E W[F, TZ] and x E R\dom(h), x > 0. There exists a nontrivial interval 
J such that the following holds: for all y E J, there exists /i /i' such that h'(x) = y. 

Proof. Let h,x be as given. Obviously rng(h) = h[dom(h)\ <x ] l±) h[dom(h) \ >x ], where 
h[dom{h) \ <x ] lies strictly below h[dom(h) \ >x \. 

Case 1. dom(h)\> x is empty. Let J be the interval of elements of R strictly above 
rng(h). By Lemma l^31 and the saturation property of F, TZ, fld{h) has a strict upper bound. 
Hence J is nontrivial. Let y E J, and define h'{ax) = ay, for all a £ F. We have only to 
verify that ti E W[F,TZ]. 

It suffices to show that ti is order preserving. First, suppose ax < a'x, a, a' E F \ {0}. 
Then a < a', and so h'{ax) = ah'(x) < a'h'{x) = h'{a'x). 

Next, suppose v < ax, a E F \ {0}, v E dom(h). If a < then vj — a > x, which is 
impossible. Hence a > 0. Now h(v/a) < h'{x). Hence h(v) < ah'(x) = h'(ax). 

Finally, suppose ax < v, a E F \ {0}, v E dom(h). If a > then x < v/a, which is 
impossible. Hence a < 0. Now h{v/a) < h'(x), so h(v)/a < h'(x), h(v) > ah'(x) = h'(ax), 
and h'{ax) < h(v). 

Case 2. dom(ti)\ <x and dom(h)\ >x are nonempty. Let J be the interval lying strictly 
above h[dom(h) \ <x ] and strictly below h[dom{h)\ >x ]. By Lemma T9.51 these two sets are 
each images of an ^-definable function on some F n . Hence by the saturation condition on 
F, TZ, J is nontrivial. Let y E J, and define h'{ax) = ay, for all a E F. We have only to 
verify that ti EW[F]. 

It suffices to show that ti is order preserving. Suppose ax < a'x, a, a' E F\ {0}. Then 
a < a' , and so h'(ax) = ah'(x) < a'h'(x) = h'(a'x). 

Suppose v < ax, a E F \ {0}, v E dom(h). First assume a > 0. Then v/a < x, and 
so h(v/a) < h'{x), h(v)/a < h'{x), and h(v) < ah'(x) = h'(ax). Now assume a < 0. Then 
v/a > x, and so h{v/a) > h'{x), h(v)/a > h'{x), and h(v) < ah'{x) = ah'{ax). 
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Finally, suppose ax < v, a G F \ {0}, v G dom{h). First assume a > 0. Then x < v/a, 
and so h'[x) < h{v/a) = h(v)/a, ah'(x) < h(v), h'{ax) < h(v). Now assume a < 0. Then 
x > v/a, and so h'(x) > h(v/a) = h(v)/a, ah'(x) < h(v), and h'(ax) < h(v). □ 

Lemma 9.9 (First Extension Lemma). Let h G W[F] and x G" dom(h). Then there exists 
a nontrivial interval J such that the following holds: for all y G J, there exists h Q\ h' such 
that h'(x) = y. 

Proof. Let h,x be as given. The case x > is given by Lemma T9.8I So, suppose x < 0. 
Apply Lemma 19.81 to the case — x > 0, obtaining a nontrivial J such that for all y G J, 
there exists /i C x b! such that h'(—x) = y. 

We claim that — J is a nontrivial interval such that for all y S — J, there exists hQ\h! 
such that = y. To see this, let y G —J. Then — y G J, and hence there exists /i Ci /i' 

such that h'(—x) = —y. But h'(—x) = —y implies h'(x) = y, as required. □ 

Lemma 9.10 (Second Extension Lemma). Let h G VF[-F] and x rng{h). There exists a 
nontrivial interval J such that the following holds: for all y G J, there exists h Q% h! such 
that h'(y) = x. 

Proof. We obtain this from Lemma 19.91 as follows. Let h, x be as given. Then h^ 1 G W^i 7 ] 
and x dom^h^ 1 ). By Lemma 19.81 let J be a nontrivial interval such that for all y G J, 
there exists h^ 1 Ci h! such that h'(x) = y. 

We claim that for all y G J, there exists h Q\h" such that h"(y) = x. To see this, let 
/i C 1 /?,' be such that h'{x) = y. Then h^ 1 C 1 h'^ 1 and h'^ 1 (y) = x. That is, we can set 
h" = h'-\ □ 



10. Existential consequences of T[F] 

The existential theory of F consists of all sentences 

3xi, ■■■ ,x n £ F tp(xi, ...,x n ) 

where (p is a quantifier free formula involving +,x,<, and is interpreted in R. Here we show 
that the existential theory of F can be effectively reduced to the existential consequences 
of T[F] without auxiliary functions. This yields, in particular, a conditional undecidability 
result for T[Q]; see Corollary 110.61 below. 

We adhere strictly to the convention that if an equation holds, then both sides must be 
defined. Also, a term is defined if and only if each subterm is defined. For example, 

h- l (h{x)h{\ + x )) = x + h'^hixf) 

implies that both sides of this equation are defined. In particular, the above equation 
implies that x, 1 + x G dom(h). 

Let h G W[F,1Z]. We write alg(F,h) for the elements that are algebraic over some 
F[xi, . . . , x n ], x\, . . . , x n G fld(h). We write trans(F, h) for R \ alg{F, h). 

Note that by Lemma f9.51 there exists x±, . . . , x n G R such that every element of alg(F, h) 
is algebraic over F[x±, . . . ,x n ]. This allows us to use Lemma T9.3I to obtain an element of 
trans (F,h) in every nontrivial interval. 

Lemma 10.1. Let h G W[F, 1Z] be such that for every x, if 

7T 1 (%)/*(! + x)) = x + h- l {h{xf), 
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then x £ F. Let b dom(h). There exists h Qi h! £ W[.F,7£|, /i'(fe) defined, such that h! 
has the same property; i.e. for every x, if 

ti-\ti{x)ti{l + x))=x + ti~ l (ti(x) 2 ), 

then x £ F. 

Proof. Let be as given. By Lemmas 19.91 and 19.31 define h Q\ h' such that h'(b) £ 
trans(F, h). We first show the conclusion for all ab, a £ F. We assume 

h'- l {h'{ab)h'(l + ab)) = ab + h'^Qi' (ab) 2 ). 

and derive a contradiction. Clearly h'(ab) 2 = (ah'(b)) 2 = a 2 h'(b) 2 £ rng(h'). Since a £ F 
and h'(b) £ trans (F,h), a 2 h'{b) 2 £ rng(h') \ rng(h), which consists of the nonzero F- 
multiples of h'(b). This contradicts that h!(b) £ trans(F,h). 

Finally, we show the conclusion for all x £ dom(h) \ F. We assume 

h'-\h\x)h'{\ + x))=x + h'- l {h{x) 2 ) (10.1) 

and derive a contradiction. By the hypothesis on h, (jlO.lj) does not hold with h! replaced 
by h. Hence if we replace h! by h, at least one side of (jlO.lj) is undefined. 
Case 1. h(l + x) is undefined. Let I + x = ab, a £ F \ {0}. Hence 

h'- 1 {h(x)ah'{b)) = x + h'-^h'iab- 1 ) 2 ). 

Hence h(x)h'(b) £ rng(h'). Since h'(b) £ trans(F,h), h(x)h'(b) £ rng(h') \ rng(h). Hence 
h(x)h'(b) is a nonzero F-multiple of h'(b). This contradicts that h(x) ^ F. 

Case 2. h(l + x) is defined, but h~ 1 (h(x)h(l + x)) is not defined. Then h(x)h(l + x) 
is a nonzero F- multiple of h'(b). Since x ^ — 1, this product is nonzero. This contradicts 
that h'(b) £ trans(F,h). 

Case 3. h^ 1 {h(x)h{l + x)) is defined, but h~ 1 (h(x) 2 ) is undefined. Then h(x) 2 is a 
nonzero F-multiple of h'(b). This contradicts that h'(b) £ trans(F,h). □ 

Lemma 10.2. Let h £ W[F,1Z] be such that for every x, if 

h- l (h{x)h{\ + x )) = x + h- l (h{x) 2 ) 

then x £ F. Let b ^ rng(h). Then there exists h Q\ h' £ W such that is defined, 

and for every x, if 

ti-^h'Wh'il + x)) = x + h'-\h'(x) 2 ) 

then x £ F. 

Proof. Let h, b be as given. By Lemmas I9.10I and I9.3| let h h', where h'~ l (b) £ 
trans(F,h). Write c = h'~ l (b). 

We first show the conclusion for all ac, a £ F \ {0}. We assume 

h'- x {h'(ac)h'(l + ac)) = ac + h'- l {h' '(ac) 2 ) 

and derive a contradiction. From the assumption, we have 1 + ac £ dom(h'). Since c £ 
trans (F, h), 1 + ac £ domih!) \ dom(h). Hence 1 + ac is a nonzero F- multiple of c. This 
contradicts c £ trans (F, h) . 

Finally, we show the conclusion for all x £ dom(h) \ F. We assume 

h'-\h{x)h'{l + x )) = x + h'-^hix) 2 ) (10.2) 

and derive a contradiction. By the hypothesis on h, (|10.2|) does not hold with h! replaced 
by h. Hence if we replace h' by h, at least one side of (|10.2j) is undefined. 
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Case 1. h~ 1 (h(x) 2 ) is undefined. Then/i(x) 2 is a nonzero F-multiple of 6 and /i /_1 (/i(x) 2 ) 
is a nonzero F-multiple ac of c. Clearly the left side of (|1U.2|) either lies in dom(h) or is a 
nonzero F-multiple ac of c. Both possibilities contradict that c G trans (F,h). 

Case 2. h -1 (h(x) 2 ) is defined and + x) is undefined. Then + x) is a nonzero 
F-multiple of 6 and 1 + x is a nonzero F-multiple of c. This contradicts that c £ trans (F, /i) . 

Case 3. /i _1 (/i(x) 2 ) and h{l + x) are defined, but /i _1 (/i(x)/i(l + x)) is undefined. Hence 
h(x)h(l + x) is a nonzero F-multiple of b and /i /_1 (/i(x)/i(l + x)) is a nonzero F-multiple 
of c. But the right side of ()10.2[) is algebraic in fld(h). This is a contradiction. □ 

Theorem 10.3. There is a model Ai of T[F]* with domain R, with the same 0,1, +,< of 
R, in which for all 6, 6(1 + 6) = b + b 2 holds if and only if b G F. In this equation, we use 
the multiplication of Ai to multiply 6 and 1 + 6. 

Proof. Let /i be the identity function on F. Then h G W[F, TZ], and trivially we have that 

• for every x, if h (h(x)h(l + x)) = x + h" 1 (h(x) 2 ) then x G F; and 

• for every x G F, h~ l (h{x)h(l + x)) = x + h~ l (h{x) 2 ). 

Thus we can iterate Lemmas I1U. II and I1U. 21 starting with the identity function on F, diago- 
nalizing over the countably many elements of R. We then obtain h G W[F, H] with domain 
i?, such that 

for every x in R, h (h(x)h(l + x)) = x + h~ 1 (h(x) 2 ) if and only if x G F. 
The required model .M of T[F]* is h~ 1 \JZ\. Calculating in Ai, we have 



Hence, for every x in R, we have x <g> (1 + x) = x + (x (g> x) if and only if x G F, as required. □ 

Corollary 10.4. An existential sentence (p over F in the language of ordered fields is true 
if and only if in any model of T[F]*, (p has witnesses among the b with 6(1 + 6) = 6 + 6 2 . 

Proof. Suppose tp has the form 3xi, . . . , x n ip(xi, . . . , x n ) with ip quantifier-free, and suppose 
ip(ai, . . . , a n ) holds with oi, . . . , a n G F. Let be a model of T[F]*. Then for all 1 < i < n, 

T[F}* proves ip(c ai , . . . , c a J and c fli (1 + c ai ) = c ai + c 2 8 . 

For the converse, Let Ai be a model of T[F]* given by Theorem llO.31 Then the witnesses 
must lie in F. □ 

Corollary 10.5. The existential theory over F is effectively reducible to the existential 
consequences of T[F]* without auxiliary constants, and to the existential consequences of 
T[F] without auxiliary functions. The reduction can be accomplished in linear time. 

Proof. From Theorem 14.11 and Corollary 111). 41 By Theorem 14.31 the we can use T[F] in 



Corollary 10.6. If Hilbert's 10th Problem over the rationals is undecidable (as expected), 
then the existential consequences of T[Q] and T[Q]*, not mentioning auxiliary constants or 
auxiliary functions, respectively, are each undecidable. The former can be reduced to the 
latter by a linear time reduction. 



x (8) (1 + x) = h~ l {h(x)h(l + x)) 



and 



x + (x<8>x) = x + h 1 (/i(x) 2 ) 



place of T[F]*. 



□ 



Proof. Immediate from Corollary 110.51 



□ 
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11. VW3* CONSEQUENCES OF T[F] 

We use Z + for the set of all positive integers, and N for the set of all nonnegative 
integers. 

Lemma 11.1. There exists fi, k, A G R such that 

(1) For every n in N, we have n < n, /i ra < k, and K n < X. 

(2) oo) n F = 0. 

Proof. By the saturation condition on F, 1Z. □ 
We fix [a,k,\ given by Lemma lll.ll Let K[F,1Z] be the set of all functions h such that 

(1) h g W[F,K]. 

(2) h is the identity on {/i, k, A, /in, /iA, kX}. 

We will build a bijection h G K[F,1Z], h : R — > R, such that for all x G R, 1 < x < /i, the 
equation 

(re + a;) (A + x) = kA + kx + Ax + x 2 
holds in h~ l \TV\ if and only if x € N. That is, for all x G -R, 1 < x < fj,, 

r l (/( K + x)/(A + x)) = 

rH/^/CA)) + r l (mf(x)) + rHfWf(x)) + rHm 2 ) 

if and only if x G Z + . In other words, for all x G 72, 1 < x < /x, 

+ x)/(A + x)) = kX + r\Kf{x)) + /- 1 (A/(x)) + r\f(x) 2 ) 
if and only if x G Z + . 

Lemma 11.2. Let h G 7X[F, 72], where for every x in [1,/i], if 

+ x)/i(A + x)) = kA + fc-^Kfcfa;)) + h- l {Xh{x)) + ^(fyx) 2 ), 

then x is in Z + . Let 6 G" dom(h). Then there exists h Q\ h! such that is defined and 
for every x in [1,/i], if 

h'- x {h'{K + x)h'{X + x)) = kA + ti-\Kh'{x)) + h'-\Xh f (x)) + h'-^h'ix) 2 ), 

then x is Z + . 

Proof. Let be as given. By Lemmas 19.91 and 19.31 let h Qi h', where h'(b) G trans (F, h). 
Note that rng(h') \ rng(h) consists of the nonzero ^-multiples of h'(b). 
We first show the conclusion for all ab, a G F\ {0}. We assume 

h'-^h'iK + ab)h'(X + ab)) = kX + h^^hiab)) + /i" 1 (A/i(a6)) + h'~ l (hi (ab) 2 ) 

and derive a contradiction. 

Clearly h'~ l (h! '(ab) 2 ) = h'~ l (a 2 h' (b) 2 ) is defined. Since h!(b) G trans(F,h), a 2 h'(b) 2 G 
rng(h') \ rng(h). Hence a 2 h'(b) 2 is an F-multiple of h'(b). This contradicts that h'(b) G 
trans (F, h) . 

Finally, we show the conclusion for all x G dom(h) \ Z + , 1 < x < fj,. We assume 

/i' -1 (/i'(k + x)h'(X + x)) = kX + h'^^x)) + h'~ 1 (Xh(x)) + h'-\h(x) 2 ) (11.1) 

and derive a contradiction. By the hypothesis on h, 1)11.1(1 does not hold with hi replaced 
by h. Hence if we replace h' by h, at least one side of 1)11.1(1 is undefined. 
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First, we claim that h~ l {h(x) 2 ) is defined. Otherwise, h{x) 2 is a nonzero F-multiple of 
h'(b). This contradicts that h'(b) G trans(F,h). 

Second, we claim that is defined. Otherwise, nh(x) is a nonzero F-multiple 

of h'(b). 

Third, we claim that h" 1 (Xh(x)) is defined. Otherwise, Xh(x) is a nonzero F-multiple 
of h'(b). 

From these three claims, we see that the right side of 1)11.1}) is defined if we replace b! 
by h. Therefore + x)h(\ + x)) is undefined. 

Case 1. H(k + x) and h(X + x) are undefined. Then h'(K + x),h'(X + x) are nonzero F- 
multiples of h'(b). Since h'(b) G trans(F, h), the product h'(K+x)h'(X+x) G rng{h')\rng{h). 
Hence h' (k + x)h' (X+ x) is a nonzero -F-multiple of h'(b). Also b! (k+ x)h! (A + x) is a nonzero 
-F-multiple of h'(b) 2 . This contradicts that h'ib) G trans(F, h). 

Case 2. h(n + x) is undefined, but a(A + x) is defined. Since A + x / 0, we have 
h(X + x) ^ 0. Now h'(K + x) is a nonzero F-multiple of h'(b). Since /i'(o) G trans (F, fid (h)), 
h'(K + x)h{\ + x) G rng(h') \ rng(h). Hence + x)h(X + x) is a nonzero F-multiple of 
Therefore h(X + x) £ F, and hence /i(A + x) = A + x G F. In particular, A + x G F 
and x > 0. This contradicts Lemma lll.ll 

Case 3. h(n + x) is defined, h{\ + x) is undefined. Since k + x 7^ 0, we have + 
x) 7^ 0. Now h'(X + x) is a nonzero F-multiple of h'(b). Since h'(b) G trans (F,fld(h)), 
h(n + x)h'{\ + x) G rng(h') \ rng(h). Hence H{k + x)h'{\ + x) is a nonzero F-multiple of 
h'(b). Therefore + x) G F, and hence h(k + x) = k + x G F. In particular, k + x G F 
and x > 0. This contradicts Lemma lll.ll 

Case 4- h{n + x) and h{X + x) are defined. Since h~ l {h(n + x)h{\ + x)) is undefined, 
h(K+x)h(X+x) is a nonzero F-multiple of h'(b). This contradicts that h'(b) G trans(F, h). fj 

Lemma 11.3. Let /i G -fT[F, 7£] be such that for every x in [1,/x], if 

hT x {h(K + x)/i(A + x)) = kX + /f-V/i(x)) + ^ 1 (A/i(x)) + h- l (h{x) 2 ), 

then x is in Z + . Let 6 rng(h). Then there exists h C.\ b! such that /i /_1 (o) defined and 
for every x in [1,//], if 

h'- l (h'(K + x)/i'(A + x)) = kA + h'-\nti(x)) + h'- l (\h'(x)) + ^(^(x) 2 ), 

then x is in Z + . 

Proof. andESl let h Q 1 /i', where /i /_1 (o) G trans (F, fid (h)). Write c = Note that 

dom{h') \ dom(h) consists of the nonzero F-multiples of c. 

We first show the conclusion for all ac, a G F \ {0}. We assume 

h'- l (h\K + ac)h'(X + ac)) = kX + /^(^(ac)) + /i~ 1 (A/i(ac)) + /^(/^(ac) 2 ) 

and derive a contradiction. In particular, the assumption implies that h'{n + ac) is defined, 
and so k + ac G dom{h) or k + ac is an F-multiple of c. Both alternatives contradict that 
c G trans (F, fid (h)). 

Finally, we show the conclusion for all x G dom(h) \ Z + , 1 < x < /j,. We assume 

h'^ih'^n + x)/i'(A + x)) = kX + + fc /-1 (A/»(x)) + h'- l {h(x) 2 ) (11.2) 

and derive a contradiction. 

There are five terms in (jll.2|) . The four terms other than kX are each either a nonzero 
F-multiple of c or an element of fld(h). Since c G trans (F, fld{h)), the ones that are nonzero 
F-multiples of c must cancel. 
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We now use the inequalities on x,[/,,k, and A. Note that 

• (k + x)(A + x) > k\. 

• h'((K + x)(X + x)) > h'(KX) = kX. 

• h'- l {h'{K + x)h'{X + x)) > h'- l {nX) = kX. 

• X < fl. 

• h(x) < h(u) = u. 

• K,h{x) < [IK. 

• h'^inhix)) < h'^din) = jjiK. 

• Xh(x) < fiX. 

• h'-^Xhix)) < h'- l {iiX) = uX. 

• h(x) 2 < i? < K. 

• ti~ l {h{x) 2 ) < h'- l {n) < k. 

• h'~\h'{K + x)h'(X + x)) > kX > fiK + fiX + k > /i /_1 (k/i(x)) + h /_1 (A/t(x)) + 
h'- l {h{x) 2 ). 

It is now obvious that the terms that are nonzero F-multiples of c cannot include h'~ l (h' '(«+ 
x)/i'(A + x)). 

This leaves /i /_1 (k/i(x)), h'^ 1 (Xh(x)), /i'~ 1 (/i(x) 2 ) as the terms that might be nonzero 
F-multiples of c. Using the above, we have 

• h'- l {h{ X ) 2 ) < K. 

• /i' _1 (k/i(x)) < UK. 

• h'-^Xhix)) < uX. 

• x > 1. 

• h(x) > /i(l) = 1. 

• Kh(x) > K. 

• h'-^Khix)) > h'-^K) = K. 

• h(x) > h(l) = 1. 

• Xh(x) > A. 

• h'-^Xhix)) > h /_1 (A) = X. 
Hence 

• h'-^hix) 2 ) < K. 

• K < h'^ 1 (Kh(x)) < UK. 

• A < b!-\Xh(x)). 

It is now clear that none of h'~ 1 (nh(x)), h'~ 1 (Xh(x)), /i'~ 1 (/i(x) 2 ) can be a nonzero F- 
multiple of c. Hence 

h'-^h'iK + x^'iX + x)), h'-\Kh(x)), and h'-\Xh(x)), h'- 1 (h(x) 2 ) 

all lie in dom(h). Therefore 

h 1 (k + x)h'(X + x), kJi(x), Xh(x), and h(x) 2 

lie in rng(h). We claim that h'(K + x), /i'(A + x) £ rng(h). To see this, first suppose both 
are not in rng(h). Then k + x and A + x are F- multiples of c, and so (k + x)(A + x) is of 
the form aa'c 2 , where a, a' £ F. This contradicts the fact that c is in trans(F, h). 

Now suppose one of them, say, by symmetry, h'{n + x), is an F- multiple of c, and the 
other, h'(X+x), lies in rng(h). Since A+x / 0, we have h'(X+x) / 0. Then h'(K+x)h'(X+x) 
is of the form acu, where a £ F \ {0} and u £ rng(h). But + x)h'(X + x) £ rng(h). 
Hence acu £ rng(h) \ {0}. This contradicts the fact that that c is in trans(F, h). 
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From Ji'(k + x), h'(X + x) G rng(h), we obtain that k + x, A + x G dom{h). Thus we 
see that both sides of (|11.2j) are defined if we replace h! by /i. Hence (|11.2|) holds with h! 
replaced by h. This is a contradiction. □ 

We want to iterate Lemmas II 1.21 and II 1.31 but we first need to deal with the base case. 

Let 

S = {k + x : x G Z + } U {A + x : x G Z + } U {kA + kx + Ax + x 2 \ x G Z + }U 

{1, /i, K, A, /iK, flX, kA}. 

Let 5' be the set of all F-multiples of elements of S. 

Lemma 11.4. Let x G S', 1 < x < fi. If k + x G 5' then x G Z + . If A + x G S" then x G Z+. 

Proof. Let x be as given. Suppose tz + x G S'. Since k + x < 2k, clearly k + x is not a 
nonzero F-multiple of any element of 

{A + x | x G Z + } U {kX + kx + Ax + x 2 | x G Z + } U {A, /i/-t, /xA, kA}. 

Since n + x is greater than every fi n , n G Z + , k + x is not a nonzero -F-multiple of any 
element of {1, fj,}. 

Now suppose k + x is an F-multiple of k + y, y G N. Write k + x = a(/t + y), a G F. 
Then k = (ay — x)/(l — a) or a = 1. Now \ay — x| < |ay| + |x| <// + // = 2/i. Also 
1/| 1 — a| < // or a = 1. Hence k < 2fi 2 or a = 1. Therefore a = 1. Hence k + x = k + y, 
and x = y. Therefore x G Z + . 

Suppose A + x G 5". Since A + x < 2A, clearly A + x is not a nonzero F-multiple of any 
element of {/uA, kX} U {kX + kx + Ax + x 2 | x G N}. Since A + x is greater than every n n , 
n G Z + , A + x is not a nonzero F-multiple of any element of {k + x : x G Z + } U {1, //, k, ^k}. 

Now suppose A + x is a nonzero F-multiple of A + y, y G Z + . Argue as above that 
XGZ+. □ 

Lemma 11.5. There exists a bijection h G K[F,1Z], h : R — > -R, such that the following 
holds. For all x G dom(h) with 1 < x < /i, we have 

+ x)/i(A + x)) = kX + h- l {Kh{x)) + n" 1 (A/i(x)) + fe _1 (/i(ar) 2 ) 

if and only if x is in Z + . 

Proof. Let /i be the identity function on S' . Obviously h G K[F,1Z]. By Lemma 111.41 for 
all x G dom(h) such that 1 < x < /i, if 

fc _1 (fc(#s + x)/i(A + x)) = kA + /i-^K/ifx)) + /i- 1 (A/i(x)) + ^^^(x) 2 ) 

then x G Z + . This is because for the relevant x, if + x) is defined then x G Z + . 
For the reverse, let x G Z + , and note that 

+ x)h(X + x)) = + x)(A + x)) = /i _1 (kA + kx + Ax + x 2 ) = 

kX + kx + Ax + x 2 . 

So 

kA + h-\Kh(x)) + n- 1 (A/i(x)) + ^^^(x) 2 ) = 

kX + /i _1 (kx) + /i _1 (Ax) + /i _1 (x 2 ) = kX + kx + Ax + x 2 . 

□ 
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Lemma 11.6. There exists a bijection h G K[F,1Z], h : R — > R, such that the following 
holds. For all x G R with 1 < x < /u, we have 

h~ l (h(K + x)h{\ + x)) = k\ + /T^k/iCx)) + /i _1 (A^(s)) + h^^x) 2 ) 

if and only if x is in Z + . 

Proof. Start with the /t given by Lemma lll.5l and iterate Lemmas II 1.21 and II 1.31 diagonal- 
izing over the countably many elements of R. □ 

Theorem 11.7. There is a model Ai of T[F]* with domain R, with the same 0, 1, + , < as 
1Z, with three elements fi, k, A such that the following holds. For all x G R with 1 < x < /x, 
we have (k + x)(A + x) = kA + kx + Ax + x 2 if and only if x is in Z + . In this equation, we 
use the multiplication of Ai . 

Proof. By Theorem 19.21 and Lemma lll.fil □ 
We say that a quadruple (M, /i, k, A) has property (*) if and only if 

(1) M is a model of T[F]* . 

(2) /j, k, A G dom(M). 

(3) The x G dom(M) for which 1 < x < /x and (k + x)(A + x) = k\ + kx + Ax + x 2 
contain 1 and are closed under +1. 

There is the stronger property (**) of (Ai,fi, k,, A) that asserts the following. 

(1) M is a model of T[F]*. 

(2) /j, k, X G dom(M). 

(3) The x G dom(M) for which 1 < x < /i and (k + x)(A + x) = kA + kx + Ax + x 2 are 
exactly the positive integers in A4. 

Corollary 11.8. Let D be a Diophantine equation over the positive integers. Then D has 
a solution in nonnegative integers if and only if the following holds. For all quadruples 
(Ai, fj,, k, A) with property (*), D has a solution over the x such that 1 < x < fx and 
(k + x)(A + x) = kX + kx + Ax + x 2 . 

Proof. Let D be as given. Suppose D has a solution in the positive integers. Let (Ai, fi, k, A) 
have property (*). Then the x such that 1 < x < \i and (k + x)(A + x) = kX + kx + Ax + x 2 
must contain the positive integers. 

Conversely, suppose that for all quadruples (M, [i,k,, A) with property (*), D has a 
solution over the x such that 1 < x < fi and (k + x)(A + x) = kX + kx + Ax + x 2 . By 
Theorem 111.81 there exists (Ai, /i, k, A) with property (**). Hence D has a solution over 
the positive integers. □ 

Theorem 11.9. The set of consequences of T[F]* without auxiliary constants, and of T[F] 
without auxiliary functions, is undecidable. In fact, the set of VW3* consequences of T[F}* 
without auxiliary constants, and of T[F] without auxiliary functions, is complete r.e. 

Proof. We use Corollary 111.81 and that Hilbert's 10th problem over Z + is complete r.e. We 
can express 

(Ai, fi, ft, A) has property (*) 
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as the formula <p((J,, n, A) given by 

(k + 1)(A + 1) = kA + k + A + 1A 

Vx ((1 < x < fi A (k + x(A + x) = k\ + + Ax + x 2 ) 



(1 < x + 1 < fi A (k + (x + 1))(A + (x + 1)) = k\ + k(x + 1) + A(x + 1) + (x + l) 2 )). 
Then we can write 

for all quadruples {Ai,fj,, k, A) with property (*), .D has a solution over the 



as the assertion that 

V/i, k, A (</3(//, K, A) — > 

D has a solution over the x such that 1 < x < /i and 

(k + x)(A + x) = kA + kx + Ax + x 2 ) 

is provable in Tfi 7 ]*. Note that the sentence above is in the form VVV3*. By Theorem 14,31 
we can replace T[F] by T[F\* . □ 



In Section Q we saw that the universal fragment of T[Q] is decidable. The proof, 
however, involves a complex reduction to the language of real closed fields. As a result, the 
procedure is of little practical importance: T[Q] is weaker than the theory of real closed 
fields, our decision procedure works for only the universal fragment of the language, and 
it does so less efficiently than procedures for the corresponding fragment of real closed 
fields. The procedure we describe is in no sense more extensible to larger languages than 
procedures for real closed fields. It may therefore seem as though we have taken a step in 
the wrong direction. 

We maintain, however, that the analysis provides guidance in designing heuristic pro- 
cedures for the reals that address the aims outlined in Section ^ An obvious strategy for 
capturing inferences like the ones described there is to work backwards from the desired 
conclusion, using the obvious monotonicity laws. For example, when the terms s, t, and u 
are known to be positive, one can prove st < uv by proving s < u and t < v. The examples 
presented in Section ^ can be verified by iteratively applying such rules. 

There are drawbacks to such an approach, however. For one thing, excessive case splits 
can lead to exponential blowup; e.g. one can show st > by showing that s and t are either 
both strictly positive or both strictly negative. And the relevant monotonicity inferences 
are generally nondeterministic: one can show r + s + t > Oby showing that two of the terms 
are nonnegative and the third is strictly positive, and one can show r + s<t + u + v + w, 
say, by showing r < u, s < t + v, and < w. 

In "straightforward" inferences that arise in practice, however, sign information is typi- 
cally available. This is the case with the examples in Section^ where all the relevant terms 
are easily seen to be positive. It is also the case with the following representative example, 
taken from the first author's formalization of the prime number theorem 0: verify 





12. Avoiding disjunctions 



(1 + 



) • n < Kx 



3(C + 3) 
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using the hypotheses 

n < (K/2)x 
< C 
< e < 1. 

This is easily verified by noting that 1 + 3 (J + ^ is strictly less than 2, and so the product 
with n is strictly less than 2(K/2)x = Kx. In this case, backchaining does not work, unless 
one thinks of replacing Kx by 2{{K/2)x) in the goal inequality. 

This example suggests that some form of forward search may be more fruitful: starting 
from the hypotheses, iteratively derive useful consequences, until the goal is obtained. Alter- 
natively, we negate the conclusion and add it to the list of hypotheses, and then iteratively 
derive consequences until we obtain a contradiction. Our analysis shows that if we separate 
terms, we can in fact use T a dd[F] and T mu i t [F] independently to derive consequences, and 
that we only have to consider consequences in the language of T comm [F]. This procedure 
is complete for the universal consequences of T"[.F], and works equally well if we combine 
other local decision procedures for languages that are disjoint except for = and <. 

But what consequences shall we look for? Once again, our analysis shows us that a 
single well-chosen interpolant suffices: if we pick the right 9, T a( id[F] will be able to derive 
9 from our initial set of hypotheses, while T mu i t [F] will be able to prove -*9. According to 
Proposition 16.31 and the discussion after it, we can assume, without loss of generality, that 9 
is a conjunction of disjunctions of literals of the form Xi < aXj,Xi < axj, Xi > aXj,Xi > axj, 
and comparisons between variables and constants in F. As a result, if the initial sequence 
of hypotheses can be refuted, there is a sequence 9\,02, ■ ■ ■ ,6 n of disjunctions of atomic 
formulas of the form above, such that T a( id [F] proves each formula 9% from the initial set of 
hypotheses, and T mu i t [F] proves a contradiction from these hypotheses and 9\, . . . , 9 n . Of 
course, the situation is symmetric, so we can just as well switch T a dd[F] and T mu i t [F] in the 
previous assertion. 

This reduces the task to that of deriving appropriate disjunctions 9i of atomic formulas 
Xi < axj from the initial hypotheses. The problem is that there are always infinitely many 
disjunctions that one can prove, and it may not be clear which ones are likely to be useful. 
For example, from x + y > 0, T a dd[F] can prove x > a V y > —a for any a, and, a priori, 
any of these may be useful to T mu i t [F\. 

One solution is simply to ignore disjunctions. By Proposition 12 .21 with some initial case 
splits we can reduce the problem of proving a universal formula to refuting a finite number 
of sets of formulas of the form A a dd U A mu it U A 

commi where 

• A 

add is a set of formulas of the form Xi = t, where t is a term in the language of 
T a dd [F] ; 

• A mu [ t is a set of formulas of the form Xi = t, where t is a term in the language of 

Tmuit [F] ; 

• A comm is a set of formulas of the form xi < axj,Xi < axj,Xi > axj,Xi > axj, or a 
comparison between a variable and a constant. 

Definition 12.1. Let A = A a dd U A mu it U A comm be as above. Say T[F] refutes A without 
case splits if there is a sequence of atomic formulas 9o, . . . , #2n such that the following hold: 

• for m < 2n, 9 m has the same form as the formulas in A comm ; 

• 9 2n is -L; 
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• for each m < n 



T add [F]uA add UA 



comm 



U {#o, ■ 



9- 



'2m- 1} ^ &2m] 



• for each m < n 



T mu u[F] U A mutt U A 



comm 



U{9 



02m} l~ #2m+l- 



In other words, T[F] refutes A without case splits if T add [F] and T mu it[F] can itera- 
tively augment a database of derivable atomic formulas in the common language until a 
contradiction is reached. This is a proper restriction on the theories T[.F], which is to say, 
there are sets A that can be refuted by T[F], but not without case splits. It takes some 
effort, though, to cook up an example. Here is one. Let 



From this, T mu i t [F] proves u > V u < 0, and hence (i < 1A?/ < l)V(w < lAz < 1). As a 
result, T[F] refutes A add U A mu &. But one can check that there are no atomic consequences 
involving the common variables, x, y, z and w, that follow from either set. (Strictly speaking, 
our characterization of A has us using new variables to name the additive and multiplicative 
terms in A add and A mu i t , respectively, and then putting the comparisons in A comm . But 
the net effect is the same.) 

Situations like this are contrived, however, and we expect that focusing on atomic con- 
sequences will be effective in many ordinary situations. The following proposition provides 
some encouragement. 

Proposition 12.2. Let A be a set of atomic formulas in the language of T add [F\. Let u 
and v be any two variables. Then there is a consequence, 9, of T add [F] U A in the language 
of 

T C omm[F]i involving only u and v, that implies all the consequences of the form u < av, 
u < av, v < au, or v < au that can be derived from T add [F] U A. In fact, 9 can be expressed 
as a conjunction of at most two formulas of the form u < av, u < av, u > av, u > av, 
v < 0, v < 0, v > 0, or v > 0. 

Proof. Use a linear elimination procedure to eliminate all variables except for u and v 
from A. The result is a set of linear inequalities involving u and v, which implies every 
other relation between u and v that is derivable from T add [F] U A. (If a relation is not a 
consequence of the resulting set of linear inequalities, its negation is consistent with them, 
and hence with T add [F]Li A.) This set of linear inequalities determines a convex subset of the 
cartesian plane. Considering extremal points, one can determine the minimal intersection 
of at most two half planes through the origin that includes this convex subset. □ 

An efficient algorithm for determining the convex polygon determined by a sequence of 
half-planes can be found in Section 4.2]. Keep in mind that there may be no nontrivial 
consequences of A, in which case we can take 9 to be the empty conjunction, T. Or A may 
contradictory, in which case we can take 9 to be _L, or v < A v > 0. Furthermore, 9 may 
not be strong enough to determine whether u and v are positive, negative, etc. In that case, 
as in the discussion after Proposition \tS.'A\ determining whether one inequality is stronger 
than another can be confusing. For example, 9 may be u > 2v A u > 3v; in the absence of 
sign information, neither conjunct is stronger. If one adds the information v > 0, 9 becomes 
v > A u > 3v . 



A add = {x + y>2,w + z>2} 
From this, T add [F] proves (x > 1 V y > 1) A (w > 1 V z > 1). Let 

A mu it = {ux 2 < ux,uy 2 < uy,uw 2 > uw,uz 2 > uz}. 
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On the multiplicative side, we have to assume we know the signs of the variables, and 
that F is closed under nth roots. 

Proposition 12.3. Let A be a set of atomic formulas in the language oiT mu it[F\. Assume 
that for each variable x occurring in A, A contains either the formula x > or the formula 
x < 0. Assume also that F is closed under nth roots of positive numbers for positive integers 
n. Let u and v be any two variables. Then there is a consequence, 9, of T mu i t \F] U A in the 
language of T comm [F], involving only u and v, that implies all the consequences of the form 
u < av, u < av, v < au, or v < au that can be derived from T mu i t [F] U A. In fact, 9 can be 
expressed as a conjunction of at most two formulas of the form u < av, u < av , u > av, or 
u > av. 

The good news is that the proof is even easier in this case. 

Proof. Introduce a new variable w, and the equation w = u/v. Eliminate all variables 
except for w. The result is a set of inequalities of the form w < a, w < a, w > a, and w > a, 
of which we can choose the strongest and then replace w by u/v. □ 

The requirement that we have sign information on the variables is generally needed to 
carry out the elimination procedure for T mu \ t [F] . We can always ensure that this information 
is present using case splits, though this can be computationally expensive. The requirement 
that F is closed under taking roots is also needed for the conclusion; for example, from 
{u > 0,u 2 > 2v 2 } we would like to conclude u > y/2v. For practical purposes, however, we 
will suggest, in the next section, that one should choose Q for F in an implementation, and 
avoid case splits. In that case, we can only hope for an approximation to Proposition 112. 
For example, when trying to put a multiplicative equation in pivot form, if we do not have 
sufficient sign information to determine the appropriate direction of an inequality, we can 
simply ignore this equation. And when required to take nth roots at the very end of the 
procedure, we can rely on crude approximations, such as tfa > 1 whenever a > 1. Once 
again, we expect that even with these concessions, the resulting procedure will be helpful 
in verifying commonplace inferences. 

This strategy, then, will form the basis for the heuristic procedure that we will suggest in 
the next section. We leave open one interesting theoretical question, though: is it decidable 
whether a theory T[F] can refute a set A without case splits? The proof of Theorem 15.21 
shows that trying to refute the set A corresponding to x 2 + 2x — 1 < leads to an infinite 
iteration, so the obvious search procedure is not guaranteed to terminate. 

13. Towards a heuristic procedure 

In this section, we discuss some possible avenues towards developing heuristic decision 
procedures, based on the analysis we have provided here. We are, of course, sensitive to the 
tremendous gap between neat decidability results and heuristic procedures that work well in 
practice. But we expect that the former can serve as a useful guide in the development of the 
latter, by clarifying the inherent possibilities and limitations of the method, and separating 
heuristic issues from theoretical ones. Of course, different heuristic approaches will have 
distinct advantages and disadvantages, and so different procedures can be expected to work 
better in different domains. We expect the type of algorithm we propose here to be fruitful 
for the kinds of examples discussed in Section E 
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Given a quantifier- free sequent in the language of T[Q], first, put all terms in normal 
form, as described in Section |HJ This will make it possible to identify subterms that are 
provably equal. For that purpose, one can use the simpler normal form described at the 
end of Section EJ 

Next, use new variables, recursively, to name additive and multiplicative subterms. 
These will form the sets A a( j<f and A TOU #. With these renamings, the original sequent will 
be equivalent to one in the language of T comm [Q] . 

Convert the resulting sequent to a finite sequence of sets A comm of inequalities x < ay, 
x < ay, x > ay, x > ay, to be refuted. For example, proving the sequent 

x = y,w < z u < v 

amounts to refuting the set A comm of formulas 

{x > y,x < y,w < z,v < u}. 

Note that the equality in the hypothesis is replaced by two inequalities. This seems to 
be a reasonable move, since with A a< id and A mu u, x and y may name complex terms; we 
imagine that this procedure will be called after obvious simplifications and rewriting have 
been performed. Also note that the task of proving an equality u = v splits into two tasks, 
namely, refuting u > v and refuting u < v. Again, this seems reasonable, since we envision 
this procedure being called when direct methods for proving equalities have failed. 

Now, try to refute each set A comm , with the following iterative procedure. First, for each 
pair of variables x,y in A comm , use T a ^[Q] U A comm to derive new or stronger inequalities 
of the form x < ay, x < ay, x > ay, or x > ay, as well comparisons between x and 
constants for each variable x. Add the new inequalities to A comm , removing ones that are 
subsumed by the new information. A comm can be represented as a table of comparisons for 
each pair {x,y} (for each pair, at most two formulas need to be stored), as well as a table 
of comparisons with constants for each variable x. Even though the procedure implicit in 
Proposition 112,21 invokes a linear elimination procedure (see the discussion and references in 
Section |SJ), the work can be shared when cycling through all possible pairs. For example, to 
determine all inequalities obtainable from a set with n variables, eliminate the first variable, 
x, and recursively determine all the inequalities obtainable from the resulting set with n 
variables; then determine all the inequalities that can be obtained with x and one other 
variable. Furthermore, at least initially, for most pairs no information will be available at 
all, and so will be eliminated quickly. We expect that for the types of problems that arise 
in ordinary practice, the number of variables and named subterms will be small enough to 
make the procedure manageable. If not, heuristics can be used to focus attention on pairs 
that are likely to provide useful information. 

Do the Scime with. T mu n mult- First, use the information in A mu n to determine the 

variables for which one has comparisons with 0. For a defining equation such as u = x 2 y 4 , 
the multiplicative procedure Cctn infer u ^ <xt th.6 start, and add. it to A cornrn for possible 
use by the additive procedure. With limited sign information on the variables, let the 
procedure for T mu / t [Q] U A mu i t do the best it can to eliminate variables. If it cannot make 
use of an inequality x k s < t to eliminate x because the sign of s is not known, simply ignore 
the inequality at this stage. It may become useful later on, if the sign of s becomes known. 

Iterate the additive and multiplicative steps, until one of A a ^UA comm or A mu i t {jA comm 
yields a contradiction. Of course, there is the question as to when to give up. One can 
certainly report failure when no new inequalities have been derived. But as noted at the 
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end of Section 1121 nonterminating iterations are possible; in that case, the procedure can 
simply give up after a fixed amount of time, or rely on the user to halt the procedure. 

14. Extending the heuristic 

There are many ways that one may extend the proposal in the previous section. These 
fall into general classes. 

Improvements to the heuristic. There are likely to be better ways of searching for useful 
comparisons between terms. For example, one can have a list of "focus" formulas - initially, 
one wants to include the goal formula as a focus formula - and search for inequalities 
between subterms of those. Also, one does not need to search for comparisons between two 
variables unless information has been added to A comm since the last such search that could 
potentially yield new information. Thus, a wise choice of data structures and representations 
of information in the database may yield significant improvements. 

Extensions to stronger fragments o/T[Q]. The procedure we have described does not try 
to derive disjunctions, which requires potentially costly case splits. Are there situations in 
which it makes sense to introduce such splits? For example, it may be useful to split on 
the sign of a variable, x > V x < 0; or to split on a comparison between two variables, 
x > y V x < y, where x and y name terms in the search. 

Conservative extensions of T[Q]. The functions which return nth roots, absolute value, 
minimums, and maximums can all be defined in T[Q], and it would be useful to extend the 
heuristic to languages that include these. But, as discussed at the end of Section |H1 one has 
to either introduce case splits at the outset to simplify terms appropriately, or simplify a 
term like y/a? to x when x > is determined in the course of the search. What is the best 
way to handle such extensions? 

Nonconservative extensions of T[Q], in the same language. An obvious shortcoming of 
T[Q] is that it fails to capture straightforward inferences that are easily obtained using 
distributivity. On the other hand, using distributivity to simplify an expression before 
calling a decision procedure for T[Q] can erase valuable information; for example, after 
simplification, T[Q] can no longer verify (x + l) 2 > 0. A better strategy is to perform such 
simplifications as the search proceeds, when occasion seems to warrant it, perhaps retaining 
the factored versions as well. 

As noted in Section^ it is reasonable to claim that any validity that requires complex 
factoring falls outside the range of the "obvious," and hence outside the scope of the problem 
we are concerned with here. But one would expect a good procedure to multiply through in 
at least some contexts, i.e. only use distributivity in the "left-to-right" direction to simplify 
expressions at hand. The question is how to work this in to the procedures described below 
in a principled way. It would also be nice to have a better theoretical framework to discuss 
provability with equalities "applied only in the left-to-right direction." 

Amalgamating other decision and heuristic procedures. A major advantage of the method 
described in Section ^] is that it can easily be scaled to allow other procedures to add 
facts to the common database. For example, one can easily make use of the equivalence 
x < y *-* f(x) < f{y) for a strictly monotone function /. One can similarly add procedures 
that make use of straightforward properties of transcendental functions like exp, In, sin, 
cos, and so on. 
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Extending the overlap. Just as one might make use of limited forms of distributivity, one 
can add restricted uses of laws like e x+y = e x e v , for the exponential function. 

Handling subdomains, like Z and Q, and extended domains, like C. For example, it is known 
that the linear theory of the reals with a predicate for the integers is decidable (see, for 
example, |28j). Handling mixed domains involving N, Z, Q, R, and/or C is an important 
challenge for heuristic procedures. 

15. Conclusions 

In order to obtain useful methods for verifying inferences in nontrivial mathematical 
situations, undecidability and infeasibility should encourage one to search for novel ways 
of delimiting manageable, restricted classes of inferences that include the ones that come 
up in ordinary mathematical practice. We hope our study of inferences involving inequali- 
ties between real-valued expressions that can be verified without using distributivity is an 
interesting and fruitful investigation along these lines. We also feel that the paradigm of 
amalgamating decision or heuristic procedures when there is nontrivial overlap between the 
theories is an important one for automated reasoning. 

However, we expect that similar investigations can be carried out in almost any math- 
ematical domain. This yields both theoretical and practical challenges. On the theoretical 
side, for example, there are questions of decidability and complexity. On the practical side, 
there is always the question of how to implement proof searches that work well in practice. 
As a result, we feel that this type of research represents a promising interaction between 
theory and practice. 
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